Ask a Question related to ASP.NET General, Design and Development.
-
Harley #1
problems with Request.UrlReferrer
i have found a problem when using Request.UrlReferrer. if i call the page
using a javascript function, the referrer is null...
i need to call a page and open it on a specific browser size, with no
toolbar, menu, etc. and also need to check that the call comes from a
specific page.
how to make request.UrlReferrer work?
Harley Guest
-
install Apache::Request problems.
I've been trying to install a bunch of perl modules all day using CPAN. I've come to install Apache::Request and it seems to go through fine up... -
Problems to install Apache::Request
Hi I am not very experienced with Perl. I try to install RT and part of it is to install the module Apache::Request. While all other modules... -
UrlReferrer issue
Hi all! I am developing an intranet app and have a problem with the Request.UrlReferrer object. I use it to keep a "linkstack" of all pages... -
Request.UrlReferrer and SSL certificate
I have a website that checks the Request.UrlReferrer variable. This routine was working ok, until we created a ssl certificate on the server. Now,... -
Request.UrlReferrer is nothing
I have a website that checks for the correct referer and it was working fine until we implemented and ssl certificate (https). Now, the... -
John Saunders #2 Re: problems with Request.UrlReferrer
"Harley" <harleyobrien%40hotmail.com> wrote in message
news:eOC1yHrXDHA.3444@tk2msftngp13.phx.gbl...What makes you think it's broken?> i have found a problem when using Request.UrlReferrer. if i call the page
> using a javascript function, the referrer is null...
> i need to call a page and open it on a specific browser size, with no
> toolbar, menu, etc. and also need to check that the call comes from a
> specific page.
> how to make request.UrlReferrer work?
If you want the page to know which page it came from, even when invoked by
your JavaScript function, then send the URL in a query string.
--
John Saunders
Internet Engineer
[email]john.saunders@surfcontrol.com[/email]
John Saunders Guest
-
Harley #3 Re: problems with Request.UrlReferrer
but theres an html header that automatically gives you that... the
Request.Referrer function read the header and exposes its value...
in my case, i need to know the url of the referrer because the system will
only allow calls from specific URLs. if you pass it as a parameter manually,
the security is useless.
everything work ok using standard <A HREF> but a call using javascripts
windows.open gives a blank referrer.
"John Saunders" <john.saunders@surfcontrol.com> wrote in message
news:%23W9AKSrXDHA.2484@TK2MSFTNGP09.phx.gbl...page> "Harley" <harleyobrien%40hotmail.com> wrote in message
> news:eOC1yHrXDHA.3444@tk2msftngp13.phx.gbl...> > i have found a problem when using Request.UrlReferrer. if i call the>> > using a javascript function, the referrer is null...
> > i need to call a page and open it on a specific browser size, with no
> > toolbar, menu, etc. and also need to check that the call comes from a
> > specific page.
> > how to make request.UrlReferrer work?
> What makes you think it's broken?
>
> If you want the page to know which page it came from, even when invoked by
> your JavaScript function, then send the URL in a query string.
> --
> John Saunders
> Internet Engineer
> [email]john.saunders@surfcontrol.com[/email]
>
>
Harley Guest
-
John Saunders #4 Re: problems with Request.UrlReferrer
"Harley" <harleyobrien%40hotmail.com> wrote in message
news:eJJD71rXDHA.2200@TK2MSFTNGP09.phx.gbl...Yes, but are you sure that this header was supplied? Perhaps it wasn't.> but theres an html header that automatically gives you that...
manually,> the
> Request.Referrer function read the header and exposes its value...
> in my case, i need to know the url of the referrer because the system will
> only allow calls from specific URLs. if you pass it as a parameterThe security is useless anyway! The header comes from the client as well.> the security is useless.
Surely if the client can spoof the querystring, then the client can spoof
the Referrer header.
You should find another security method.
--
John Saunders
Internet Engineer
[email]john.saunders@surfcontrol.com[/email]
John Saunders Guest
-
Harley #5 Re: problems with Request.UrlReferrer
sure, youre right the client can spoof with the header... the check is not
supposed to provide a tight security, but an additional annoyance to
unauthorized calls.
i though that window.open ('www.server.com/page.htm') would create a regular
normal http header, including the referrer. am i wrong?
"John Saunders" <john.saunders@surfcontrol.com> wrote in message
news:ehas8CsXDHA.1384@TK2MSFTNGP10.phx.gbl...will> "Harley" <harleyobrien%40hotmail.com> wrote in message
> news:eJJD71rXDHA.2200@TK2MSFTNGP09.phx.gbl...>> > but theres an html header that automatically gives you that...
> Yes, but are you sure that this header was supplied? Perhaps it wasn't.
>> > the
> > Request.Referrer function read the header and exposes its value...
> > in my case, i need to know the url of the referrer because the system> manually,> > only allow calls from specific URLs. if you pass it as a parameter>> > the security is useless.
> The security is useless anyway! The header comes from the client as well.
> Surely if the client can spoof the querystring, then the client can spoof
> the Referrer header.
>
> You should find another security method.
>
> --
> John Saunders
> Internet Engineer
> [email]john.saunders@surfcontrol.com[/email]
>
>
Harley Guest
-
John Saunders #6 Re: problems with Request.UrlReferrer
"Harley" <harleyobrien%40hotmail.com> wrote in message
news:OtIHg9tXDHA.2284@TK2MSFTNGP10.phx.gbl...regular> sure, youre right the client can spoof with the header... the check is not
> supposed to provide a tight security, but an additional annoyance to
> unauthorized calls.
> i though that window.open ('www.server.com/page.htm') would create aIf you look at the header, I believe you'll find that you're wrong.> normal http header, including the referrer. am i wrong?
--
John Saunders
Internet Engineer
[email]john.saunders@surfcontrol.com[/email]
John Saunders Guest
Reply With QuoteSimilar Questions and Discussions
Posting Permissions
- You may not post new threads
- You may post replies
- You may not post attachments
- You may not edit your posts
