Forum

Hello Hugo...

Happy New Year!

I want to use HTTP_REFERER in a CGI script - but with no luck.

I think that this is perhaps a security issue. Is there a way to force my browser to send this header?

Does Hiawatha block this header at all? Thanks!

Hi Duke, the new year hasn't yet started here

Hiawatha does not block any header, including the referer. What browser you using? Perhaps you've installed some add-on that hides the referer header?

I'm using Seamonkey - a Mozilla product, I guess.

I just tested my scripts with "elinks" and "links2". These two text-based browsers allow the user to configure how HTTP_REFERER should be handled. Using these two browsers my scripts work. I think what I'll do in the future is to append:

"http://www" + SERVER_NAME + SCRIPT_NAME

to build my "Home" URL. That way, I'll avoid the HTTP_REFERER security issues. What do you think?

I have no idea what you are trying to do, so I have no idea about any possible security issues.

I want to create a link, at the bottom of the page generated by my script, that will send the user back to the originating html page. I was trying to do so in as generic a way as possible. HTTP_REFERER would have covered all possibilities. I've since discovered that HTTP_REFERER only gives you the F.Q. script name, and not the original page where the form is. Any ideas on how to do that?

Is the referring page always within the same website or can it be any page on the internet?

It could be both, actually. My script could be used in an Intranet - which is what it was created for. However, it could also be used in the wild.

Well, in that case the HTTP_REFERER is your only option. Problem is that that header item can be forged. Privacy-protecting browser add-ons will very likely remote that header line. Nothing to do about it.

OK - thanks!