HOWTO change the "Referer" http header?
1 posts in topic
Flat View  Flat View
TOPIC ACTIONS:
 

Posted By:   Charles_Maller
Posted On:   Wednesday, April 25, 2001 07:05 PM

Hi, I'm getting a little frustrated with this problem. How do I change the http header "Referer" prior to a browser redirect? Scenario --------- (Site1) User clicks a SITE2 link for a pdf file (Site2) User passes through site (contains jsp logic for redirect) (Site3) User gets pdf file (there is referer security on SITE3 which only allows access from SITE2) Using the scenario above, I've tried the following SITE2 code without success. (1) ----------- response.setStatus(302); response.setHeader("Referer", "http://127.0.0.1/"); response.setHeader("Locatio   More>>

Hi,



I'm getting a little frustrated with this problem. How do I change the http header "Referer" prior to a browser redirect?



Scenario ---------



(Site1) User clicks a SITE2 link for a pdf file

(Site2) User passes through site (contains jsp logic for redirect)

(Site3) User gets pdf file (there is referer security on SITE3 which only allows access from SITE2)




Using the scenario above, I've tried the following SITE2 code without success.



(1) -----------

response.setStatus(302);
response.setHeader("Referer", "http://127.0.0.1/");

response.setHeader("Location", "http://127.0.0.1/site3.jsp?f=1");



(2) -----------

response.setHeader("Referer", "http://127.0.0.1/");


response.setHeader("Location", "http://127.0.0.1/site3.jsp?f=1");



Using the below code at SITE3, the referer header displays SITE1, not the expected SITE2.

- request.getHeader("Referer")



Any ideas??

   <<Less

Re: HOWTO change the &quot;Referer&quot; http header?

Posted By:   AlessandroA_Garbagnati  
Posted On:   Sunday, April 29, 2001 11:54 PM

Hi,

I'm afraid you cannot change the Referer header, because the content of that header is fully controlled by the browser. I think that no matter what the actual context of that header is, the browser will override it.

reading some documents at the W3Consortium it looks like that there are probably security reason for that. With the referer header, for example, you can in some way 'restrict' access to a page only if the user is coming from a specific page, disallowing, in fact, bookmarking that page.
About | Sitemap | Contact