Forum

HTTP_REFERER

Duke Normandin
28 December 2010, 04:05
Hello Hugo...

Happy New Year!

I want to use HTTP_REFERER in a CGI script - but with no luck.

I think that this is perhaps a security issue. Is there a way to force my browser to send this header?

Does Hiawatha block this header at all? Thanks!
Hugo Leisink
28 December 2010, 08:13
Hi Duke, the new year hasn't yet started here

Hiawatha does not block any header, including the referer. What browser you using? Perhaps you've installed some add-on that hides the referer header?
Duke Normandin
28 December 2010, 18:49
I'm using Seamonkey - a Mozilla product, I guess.

I just tested my scripts with "elinks" and "links2". These two text-based browsers allow the user to configure how HTTP_REFERER should be handled. Using these two browsers my scripts work. I think what I'll do in the future is to append:

"http://www" + SERVER_NAME + SCRIPT_NAME

to build my "Home" URL. That way, I'll avoid the HTTP_REFERER security issues. What do you think?
Hugo Leisink
28 December 2010, 19:33
I have no idea what you are trying to do, so I have no idea about any possible security issues.
Duke Normandin
28 December 2010, 22:31
I want to create a link, at the bottom of the page generated by my script, that will send the user back to the originating html page. I was trying to do so in as generic a way as possible. HTTP_REFERER would have covered all possibilities. I've since discovered that HTTP_REFERER only gives you the F.Q. script name, and not the original page where the form is. Any ideas on how to do that?
Hugo Leisink
30 December 2010, 00:38
Is the referring page always within the same website or can it be any page on the internet?
Duke Normandin
30 December 2010, 03:08
It could be both, actually. My script could be used in an Intranet - which is what it was created for. However, it could also be used in the wild.
Hugo Leisink
30 December 2010, 08:17
Well, in that case the HTTP_REFERER is your only option. Problem is that that header item can be forged. Privacy-protecting browser add-ons will very likely remote that header line. Nothing to do about it.
Duke Normandin
30 December 2010, 20:47
OK - thanks!
This topic has been closed.