Menu
My actual implementation of this is much more complicated, with authentication and a bunch of other stuff, but at the simplest form, here's the problem I'm having. Redirecting with header doesn't reveal itself as a referer.
So, let's say I have three pages: start.php, middle.php and end.php
start.php
<html><body>
<a href="middle.php">middle</a>
</body></html>
middle.php
<?php
header('Location: end.php');
?>
end.php
<?php
echo 'The referer is: ' . $_SERVER['HTTP_REFERER'];
?>
When you follow the link, you end up at end.php, but the referer is not middle.php. Is there any other redirection method I can use to correct this, or anything else I can do?
Cheers
EDIT In this case, the destination page is a third party vendor. The only method they have to validate is from refering URL. I have no control over that. I just need my page that does the redirect to send the proper URL. Are there any alternatives to this redirection method, rather than picking apart the reasons not to trust http_referer?
783
Sorry, but it's out of your control, only the browser can send that header - and not all do. It can be easily faked, so don't rely on it.
More information is available on this php bug (which was marked not a bug).
118
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
