WebApp Sec mailing list archives
Re: HTTP REFERER not set in Internet Explorer
From: Chris Varenhorst <varenc () MIT EDU>
Date: Wed, 16 Nov 2005 21:32:52 -0500 (EST)
I find this an interesting problem. Internet Explorer definitely sends a referrer header, but for some reason in this circumstance it isn't. I suspect its because you're using javascript to change the page. I'm not sure what exactly is the "proper" way for a browser to act. I would recommend just don't use javascript when you need to check the referrer.
Good luck, -Chris Varenhorst On Wed, 16 Nov 2005, Saqib Ali wrote:
Hello, I am writing a secure application that tracks users on a website by use of HTTP_REFERER. But see like Internet Explorer is not properly populating this field. Visit the following website using IE and Firefox. http://www.xml-dev.com/blog/referer_test.php And click on the Link that says "Click Here" With Firefox, the correct HTTP_REFERER will be displayed after you click the link. But with I.E. the HTTP_REFERER is set to blank. Has anyone ran into this issue? How did you make your application compatible with both I.E and Mozilla based browsers? Because of some security concerns I need the HTTP_REFERER to be set correctly. If it is not possible, I will have to restrict my users to a Mozilla based browser. -- In Peace, Saqib Ali http://www.xml-dev.com/blog/ Consensus is good, but informed dictatorship is better.
Current thread:
- HTTP REFERER not set in Internet Explorer Saqib Ali (Nov 16)
- Re: HTTP REFERER not set in Internet Explorer Marc Koschewski (Nov 17)
- Re: HTTP REFERER not set in Internet Explorer Tobias Schlitt (Nov 17)
- Re: HTTP REFERER not set in Internet Explorer Amit Klein (AKsecurity) (Nov 17)
- Re: HTTP REFERER not set in Internet Explorer Jonathan Angliss (Nov 17)
- Re: HTTP REFERER not set in Internet Explorer George Johnson (Nov 17)
- Re: HTTP REFERER not set in Internet Explorer Chris Varenhorst (Nov 17)
- Re: HTTP REFERER not set in Internet Explorer Todd Hendricks (Nov 17)
- Re: HTTP REFERER not set in Internet Explorer Dean H. Saxe (Nov 17)
- Re: HTTP REFERER not set in Internet Explorer Greg Skouby (Nov 17)
- RE: HTTP REFERER not set in Internet Explorer Richard M. Smith (Nov 17)
- Re: HTTP REFERER not set in Internet Explorer Oleg Lecinski (Nov 17)
- <Possible follow-ups>
- RE: HTTP REFERER not set in Internet Explorer Amichai Shulman (Nov 17)
- RE: HTTP REFERER not set in Internet Explorer Jeff Robertson (Nov 17)
- RE: HTTP REFERER not set in Internet Explorer Einecker, Leah (Nov 17)
- RE: HTTP REFERER not set in Internet Explorer Ory Segal (Nov 17)
- Re: HTTP REFERER not set in Internet Explorer Yutaka OIWA (Nov 17)
(Thread continues...)
- Re: HTTP REFERER not set in Internet Explorer Marc Koschewski (Nov 17)