Environment variables - exceptions? - Perl Server Side CGI Scripting forum at WebmasterWorld

Forum Moderators: coopster & phranque

Message Too Old, No Replies

Environment variables - exceptions?

FF doesn't appear to handle HTTP_REFERER

molecularr

8:02 pm on Aug 12, 2004 (gmt 0)

Hello,

I've got a script which relies (at one point) on reading the ENV{HTTP_REFERER} variable to maintain state. I hadn't checked it in a month or two, but when I went back to it, I found it breaking if viewed in FireFox. Works fine in everything else.

I suspected it wasn't catching the referrer, so I did a little test script (env.cgi -- prints all the environment variables it can find) and sure enough, when I run that script in FF, http_referer doesn't show up.

It shows up in everything else though.

What's going on here? I've never pretended to know too much about ENV variables, but this is baffling me.

Any suggestions?

kaled

10:53 pm on Aug 12, 2004 (gmt 0)

Browsers can be configured to not send HTTP_REFERER data.

Open the pseudo page about:config in Firefox and check the value network.http.sendRefererHeader I believe the value 2 is required for normal behaviour.

Kaled.

molecularr

12:21 am on Aug 13, 2004 (gmt 0)

Yeah that did it. Wow.

It says that it was "user set" to 0? Any idea how I might have done that inadvertently?

kaled

8:27 am on Aug 13, 2004 (gmt 0)

Extensions can, I believe, adjust these settings. If you installed a security extension of some sort, it might have adjusted this.

Kaled.

molecularr

12:11 am on Aug 15, 2004 (gmt 0)

Weird--I don't remember doing anything like that, but I just upgraded some hardware gunk, so that may have happened in the re-installing of things.

Thanks!

coopster

2:09 am on Aug 15, 2004 (gmt 0)

>>I've got a script which relies (at one point) on reading the ENV{HTTP_REFERER} variable to maintain state.

Now you may want to reconsider using this approach ;)

jdMorgan

3:13 am on Aug 15, 2004 (gmt 0)

Yes, since direct type-ins and JavaScript-loaded resources will have no referer, and Norton Internet Security and many corporate and ISP caching proxies (such as AOL) block referrers. HTTP Referrers are totally unreliable as the basis for any serious control mechanism.

Jim