Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Alternative to "Referer" Header

I have used the code "request.getHeader("Referer");" The code seemed to work fine. But recently I found out that it is not working in IE. IE was throwing null. I am now left clueless about how to go forward. Is there any alternative for "Referer" header which can get the previous link and work correctly in all the browsers? Setting a custom header from the previous link is not a viable option for me. So someone please help me out on this. Thanks.

like image 276
Ebbu Abraham Avatar asked Aug 23 '10 09:08

Ebbu Abraham


People also ask

Is Referer header optional?

In HTTP, "Referer" (a misspelling of Referrer) is the name of an optional HTTP header field that identifies the address of the web page (i.e., the URI or IRI), from which the resource has been requested. By checking the referrer, the server providing the new web page can see where the request originated.

Can you fake Referer header?

Yes, the HTTP referer header can be spoofed. A common way to play with HTTP headers is to use a tool like cURL: Sending headers using cURL: How to send a header using a HTTP request through a curl call?

How reliable is the Referer header?

The usage of this header increases the risk of privacy and security breaches on a website but it allows websites and web servers to identify where the traffic is coming from. The Referer can not be sent by the browsers if the resource is the local file or data.

How do I redirect without a referrer?

You will need to redirect through another page. You can do a POST to your own page which then does a redirect to the destination. This will show only your intermediate page as the referrer. There is not a way to do this with just javascript.


2 Answers

The "Referer" header entry is optional. You cannot rely on it being present. There is no cross-browser way to get the previous link because this depends on the user settings and proxy configuration (i.e. what the system administrators think they should allow you to see).

You must find a way to live without this information.

like image 66
Aaron Digulla Avatar answered Oct 18 '22 03:10

Aaron Digulla


It's unclear what you need it for, but I suspect that you need it to be able to go back to some "initial page" at the same website when some action is finished. Your best option is then to pass the request URI around as request parameter. E.g. a login link:

<a href="/login?from=${pageContext.request.requestURI}">login</a>

In the login form, retain it for the next request as hidden input value of the form:

<input type="hidden" name="from" value="${param.from}">

In the login action method, just redirect to that URL after finishing the action.

response.sendRedirect(request.getParameter("from"));

If this isn't what you're looking for, then you should really elaborate your question more to ask how to achieve a functional requirement rather than asking how to achieve a (wrong) solution.

Relying any business logic flow on the referer was really been a bad idea from the beginning on. Your first webdeveloper lesson should have been: the enduser has full control over what s/he sends with the HTTP request. You shouldn't rely on all that information being present, let alone 100% correct.

like image 24
BalusC Avatar answered Oct 18 '22 02:10

BalusC