Menu
it seems I have run into a problem with Internet Explorer 7. I have an html page that has links to files on another server. The server I am linking to checks the referrer of the request and if the referrer is valid, it allows access to the resource. It works fine in firefox 2 and 3 (as the server my html page is located on is a valid referer) but in internet explorer it doesn't work, the other server denies me the resource(generates an http 403 error). I was doing some searching and stumbled on this http://support.microsoft.com/kb/178066 and I have tried the html page in both https and http and same thing for the server I am connecting to but I get nothing Internet explorer. what can I do to work around this?
thank you
671
You may want to use a different mechanism anyway. Referrers are easily spoofed. Checking referrers really isn't a good security solution, and if they're going to cause you headaches like this, maybe you want to find another way.
For example, the server generating the first page could add an authorization token to the URLs to the second server, and the second server could check that the tokens are valid. This way, all of the details are under your control, and the only browser behavior you're counting on is that the full URL is sent to the second server.
32
How are you "getting to" the file in question?
IF YOU ARE USING JAVASCRIPT to get to the file, IE WILL FAIL.
IE has had a major bug since the dawn of time on this.
e.g. document.location.href = 'myNewPage.html'; //FAILS to pass referer in IE
Bug #421 over on Web Bug Track
won't be fixed in IE8 either! :-(
94
I find this solution at http://dracoblue.net/dev/referer-with-documentlocation-is-broken-in-internet-explorer/145/ , but i haven't tried myself
function goto(url)
{
var referLink = document.createElement('a');
referLink.href = url;
document.body.appendChild(referLink);
referLink.click();
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
