WebApp Sec mailing list archives
Re: HTTP REFERER not set in Internet Explorer
From: Marc Koschewski <marc () osknowledge org>
Date: Thu, 17 Nov 2005 11:03:19 +0100
* Saqib Ali <docbook.xml () gmail com> [2005-11-16 08:16:33 -0800]:
Hello, I am writing a secure application that tracks users on a website by use of HTTP_REFERER. But see like Internet Explorer is not properly populating this field. Visit the following website using IE and Firefox. http://www.xml-dev.com/blog/referer_test.php And click on the Link that says "Click Here" With Firefox, the correct HTTP_REFERER will be displayed after you click the link. But with I.E. the HTTP_REFERER is set to blank. Has anyone ran into this issue? How did you make your application compatible with both I.E and Mozilla based browsers? Because of some security concerns I need the HTTP_REFERER to be set correctly. If it is not possible, I will have to restrict my users to a Mozilla based browser.
Hi Saqib, I'm not able to test this case due to having no IE available. But I know IE doesn't send HTTP-REFERERs in windows that have been opened by window.open(). If you use target '_blank' it works, however. For HTTP-REFERER type of security IE is rather useless when using pop-up windows then. Just my 2 cents... :) Regards, Marc
Attachment:
signature.asc
Description: Digital signature
Current thread:
- HTTP REFERER not set in Internet Explorer Saqib Ali (Nov 16)
- Re: HTTP REFERER not set in Internet Explorer Marc Koschewski (Nov 17)
- Re: HTTP REFERER not set in Internet Explorer Tobias Schlitt (Nov 17)
- Re: HTTP REFERER not set in Internet Explorer Amit Klein (AKsecurity) (Nov 17)
- Re: HTTP REFERER not set in Internet Explorer Jonathan Angliss (Nov 17)
- Re: HTTP REFERER not set in Internet Explorer George Johnson (Nov 17)
- Re: HTTP REFERER not set in Internet Explorer Chris Varenhorst (Nov 17)
- Re: HTTP REFERER not set in Internet Explorer Todd Hendricks (Nov 17)
- Re: HTTP REFERER not set in Internet Explorer Dean H. Saxe (Nov 17)
- Re: HTTP REFERER not set in Internet Explorer Greg Skouby (Nov 17)
- RE: HTTP REFERER not set in Internet Explorer Richard M. Smith (Nov 17)
- Re: HTTP REFERER not set in Internet Explorer Oleg Lecinski (Nov 17)
(Thread continues...)
- Re: HTTP REFERER not set in Internet Explorer Marc Koschewski (Nov 17)