problems with Request.UrlReferrer

H

Harley

i have found a problem when using Request.UrlReferrer. if i call the page
using a javascript function, the referrer is null...
i need to call a page and open it on a specific browser size, with no
toolbar, menu, etc. and also need to check that the call comes from a
specific page.
how to make request.UrlReferrer work?
 
J

John Saunders

Harley said:
i have found a problem when using Request.UrlReferrer. if i call the page
using a javascript function, the referrer is null...
i need to call a page and open it on a specific browser size, with no
toolbar, menu, etc. and also need to check that the call comes from a
specific page.
how to make request.UrlReferrer work?
Click to expand...

What makes you think it's broken?

If you want the page to know which page it came from, even when invoked by
your JavaScript function, then send the URL in a query string.
 
H

Harley

but theres an html header that automatically gives you that... the
Request.Referrer function read the header and exposes its value...
in my case, i need to know the url of the referrer because the system will
only allow calls from specific URLs. if you pass it as a parameter manually,
the security is useless.
everything work ok using standard <A HREF> but a call using javascripts
windows.open gives a blank referrer.
 
J

John Saunders

Harley said:
but theres an html header that automatically gives you that...
Click to expand...

Yes, but are you sure that this header was supplied? Perhaps it wasn't.
the
Request.Referrer function read the header and exposes its value...
in my case, i need to know the url of the referrer because the system will
only allow calls from specific URLs. if you pass it as a parameter manually,
the security is useless.
Click to expand...

The security is useless anyway! The header comes from the client as well.
Surely if the client can spoof the querystring, then the client can spoof
the Referrer header.

You should find another security method.
 
H

Harley

sure, youre right the client can spoof with the header... the check is not
supposed to provide a tight security, but an additional annoyance to
unauthorized calls.
i though that window.open ('www.server.com/page.htm') would create a regular
normal http header, including the referrer. am i wrong?
 
J

John Saunders

Harley said:
sure, youre right the client can spoof with the header... the check is not
supposed to provide a tight security, but an additional annoyance to
unauthorized calls.
i though that window.open ('www.server.com/page.htm') would create a regular
normal http header, including the referrer. am i wrong?
Click to expand...

If you look at the header, I believe you'll find that you're wrong.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Request.UrlReferrer 1
NLB Service and Request.UrlReferrer? 0
problem with Request.urlReferrer 0
Can't solve problems! please Help 0
The problem of Request.UrlReferrer 2
Request.UrlReferrer doesn't work 1
Request.UrlReferrer and Nortan Internet Security 2005 7
Usage of "Request.UrlReferrer" 1

Members online

Total: 29 (members: 3, guests: 26)
Robots: 229

Forum statistics

Threads
473,764
Messages
2,569,567
Members
45,041
Latest member
RomeoFarnh

Latest Threads

Top