Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Browsers/blockers stopping http_referer 2
- Thread starter 1DMF
- Start date
BillyRayPreachersSon
Programmer
If you type "about:config" in the URL field of Firefox, there is a setting named "network.http.sendRefererHeader".
If you double-click it and set the value to 0, sending the referrer will be disabled.
Hope this helps,
Dan
[tt]Dan's Page [blue]@[/blue] Code Couch
[/tt]
If you double-click it and set the value to 0, sending the referrer will be disabled.
Hope this helps,
Dan
[tt]Dan's Page [blue]@[/blue] Code Couch
[/tt]
- Thread starter
- #3
BillyRayPreachersSon
Programmer
Huh? I thought you WANTED to be able to do this.
If you want to know how to do it only to stop users from using those browsers, then forget it. Any software that stops it from being sent from any browser would mean that your users could use no browsers at all - less than desirable.
Dan
[tt]Dan's Page [blue]@[/blue] Code Couch
[/tt]
If you want to know how to do it only to stop users from using those browsers, then forget it. Any software that stops it from being sent from any browser would mean that your users could use no browsers at all - less than desirable.
Dan
[tt]Dan's Page [blue]@[/blue] Code Couch
[/tt]
- Thread starter
- #5
No I needed to know why an error was occuring in my program when it run fine for everyone else.
The error msg was regarding the http_referer not having the correct value, it would seem what ever browser they were using or even other 3rd party software, it was blocking the referer info and so the program could not authenticate.
If they choose to use browsers that witholds this info and stop my program from being able to verify if the request should be authorised, that's fine, they just won't be able to use that part of the sites functionality.
If they want to use that section of the website they will either have to configure their software correctly or use a different browser that doesn't block it.
At least I tracked down the cause of the problem.
regards,
1DMF
The error msg was regarding the http_referer not having the correct value, it would seem what ever browser they were using or even other 3rd party software, it was blocking the referer info and so the program could not authenticate.
If they choose to use browsers that witholds this info and stop my program from being able to verify if the request should be authorised, that's fine, they just won't be able to use that part of the sites functionality.
If they want to use that section of the website they will either have to configure their software correctly or use a different browser that doesn't block it.
At least I tracked down the cause of the problem.
regards,
1DMF
BillyRayPreachersSon
Programmer
Firefox DOES NOT withold it UNLESS someone has specifically changed the value. Out-of-the-box, it works just fine.
Dan
[tt]Dan's Page [blue]@[/blue] Code Couch
[/tt]
Dan
[tt]Dan's Page [blue]@[/blue] Code Couch
[/tt]
- Thread starter
- #7
It may have been other 3rd party software that was doing it, I know many popup blockers and internet tool bars have this facility.
What ever it is, they won't be able to use the site until they change it.
I'm all for security and peoples privacy, but some things just go too far.
What ever it is, they won't be able to use the site until they change it.
I'm all for security and peoples privacy, but some things just go too far.
BillyRayPreachersSon
Programmer
I don't think that people protecting their own privacy is going too far.
But I would say that penalising Firefox users without knowing that Firefox is the cause of the problem is going too far.
Dan
[tt]Dan's Page [blue]@[/blue] Code Couch
[/tt]
But I would say that penalising Firefox users without knowing that Firefox is the cause of the problem is going too far.
Dan
[tt]Dan's Page [blue]@[/blue] Code Couch
[/tt]
- Thread starter
- #9
BillyRayPreachersSon
Programmer
And I didn't say that you did. I said:
self said:
in response to your:
1DMF said:
Which bit of that isn't penalising Firefox users?
Dan
[tt]Dan's Page [blue]@[/blue] Code Couch
[/tt]
I have some problems with the way you have "solved" this problem for your users. Here is my take:
Your valued user, who has a problem with the solution you have delivered, has asked you for support.
Your response was to tell them they can't use Firefox.
If any of my developers came back at me with that - they would be looking for work elsewhere - and I don't care how good they think they are.
What makes this whole transaction more ludicrous is that you make opinionated (and arrogant) statements about a large section of the web development community (with your comments regarding FF users) whilst attempting to maintain a "holier-than-thou" stance toward the one person in the forum that provided you with feedback.
Actually... what really makes me laugh is that you are relying on the http_referrer for authentication purposes! Well... I guess it's easier than doing the job properly... which seems to be what you are satisfied with.
![[lol]](/data/assets/smilies/lol.gif "[lol] [lol]")
Jeff
- Thread starter
- #12
I'm all ears if you know of another way of telling what page refered the calling request.
I may have decided to say I'd tell them they can't use firefox, I've used it and think it suxs, but I never said that was the problem, or what I did to resolve it, I don't even know if they were using firefox, but I'm all for any excuse to stop people using that rubbish browser.
of course this is only my opinion, and anyone who wants to use firefox is more than welcome, but not on this particular site if they block the HTTP_REFERER.
To fix the problem I actually completely re-wrote a perl script to run standalone not using HTTP_REFERER as it actually isn't necesary for the particular part that was causing the error.
You assume too much and know nothing about the many sites I have, how they work, what they do or what I was bouncing off of one site to another to save me writing a specific script for the application as it used my RTF-Mail site to process forms and it uses the HTTP_REFERER, which I won't be changing unless you know of another way to tell the refering URL, but I was under the impression the way you tell that is by the HTTP_REFERER, the name of the environment variable tends to give it away me thinks!
I may have decided to say I'd tell them they can't use firefox, I've used it and think it suxs, but I never said that was the problem, or what I did to resolve it, I don't even know if they were using firefox, but I'm all for any excuse to stop people using that rubbish browser.
of course this is only my opinion, and anyone who wants to use firefox is more than welcome, but not on this particular site if they block the HTTP_REFERER.
To fix the problem I actually completely re-wrote a perl script to run standalone not using HTTP_REFERER as it actually isn't necesary for the particular part that was causing the error.
You assume too much and know nothing about the many sites I have, how they work, what they do or what I was bouncing off of one site to another to save me writing a specific script for the application as it used my RTF-Mail site to process forms and it uses the HTTP_REFERER, which I won't be changing unless you know of another way to tell the refering URL, but I was under the impression the way you tell that is by the HTTP_REFERER, the name of the environment variable tends to give it away me thinks!
-
1
- #13
As stated before many things now block the HTTP referer information. Norton "Internet Security" to name just one.
So, if your solution is to say "don't use X" then you are going to have to expand that list of "no-no" apps a bit.
If I recall correctly HTTP-REFERER is an optional part of the HTTP spec anyway. Ergo, any application that relies on it for core functionality will, at some point fail. As more and more people pull their privacy shutters down, then more and more people will find that your application doesn't work.
Now it might be that there is absolutely no way around your problem without knowing the refering page, but I doubt it.
Surely it is in your interests to find a solution that does not bar certain users from your site based on their personal preference for a web browser. That's old school web development of the worst order - circa 1995!
Give us some more info and perhaps we can help you come up with the means to make your app better.
Oh yes, I use Firefox and I'm tetchy. But that's my choice and yours is yours. I also use IE6, Mozilla, Opera, Netscape and Safari and I use a Windows machine and a Mac. I test all the work I do to make sure it works in each browser on each platform. Sometimes for commercial reasons browsers get left by the wayside - but this tends to be IE5 on the Mac which isn't used a great deal nowadays it seems.
Having said all that I would be very interested (from a developer perspective) in your reasons for saying that Firefox "sux".
Foamcow Heavy Industries - Web design and ranting
Target Marketing Communications - Advertising, Direct Marketing and Public Relations
I wonder what possesses people to make those animated gifs. Do you just get up in the morning and think, "You know what web design r
So, if your solution is to say "don't use X" then you are going to have to expand that list of "no-no" apps a bit.
If I recall correctly HTTP-REFERER is an optional part of the HTTP spec anyway. Ergo, any application that relies on it for core functionality will, at some point fail. As more and more people pull their privacy shutters down, then more and more people will find that your application doesn't work.
Now it might be that there is absolutely no way around your problem without knowing the refering page, but I doubt it.
Surely it is in your interests to find a solution that does not bar certain users from your site based on their personal preference for a web browser. That's old school web development of the worst order - circa 1995!
Give us some more info and perhaps we can help you come up with the means to make your app better.
Oh yes, I use Firefox and I'm tetchy. But that's my choice and yours is yours. I also use IE6, Mozilla, Opera, Netscape and Safari and I use a Windows machine and a Mac. I test all the work I do to make sure it works in each browser on each platform. Sometimes for commercial reasons browsers get left by the wayside - but this tends to be IE5 on the Mac which isn't used a great deal nowadays it seems.
Having said all that I would be very interested (from a developer perspective) in your reasons for saying that Firefox "sux".
Foamcow Heavy Industries - Web design and ranting
Target Marketing Communications - Advertising, Direct Marketing and Public Relations
I wonder what possesses people to make those animated gifs. Do you just get up in the morning and think, "You know what web design r
- Thread starter
- #14
Hey, I'm glad we have got the insults out the way and can have a proper discussion over the problem 
I do have firefox installed and use it to check my sites to ensure W3C compliance, well to a degree, it's not just the browsers persae that miff me but some of the whole W3C stuff, a prime example is an image link with a style attached for the mouse pointer...
in IE a hand will appear when you hover over the image, however to be w3C compliant it should be
Correct me if i'm wrong but my mouse starts as a pointer and changes to a hand when hovering over links, so WTF is W3C on about?
there are many other idiosyncrasies between W3C and common sense and I feel it's partly to do with the community on a Microsoft bashing spree, either way i appreciate there needs to be a standard to enable compatibility across the board.
anyhow back to my problem.
I wrote a script to enable me to have someone submit a form to my script which reads the form info and merges it with the template placed in the user interface part of the system.
This then emails you the form submitted with all the data including populating drop down lists with just the user selection, checkboxes ticked as per the user etc..
basically you get an email which is the exact copy of the form filled in with the user info.
The way I authenticate is checking if the program was called using the form from a domain that is acceptable (I have many companies using my system), so I check the HTTP_REFERER to ensure it was only the form from the corresponding authorised domain that made the call.
This way no-one can submit their own forms using my script or any of the other domains, even though i have an account I still could not submit a form from my domain trying to use another companies template.
hope that makes sense.
P.S. I think firefox sux, firstly because it is SLOW, secondly because it is a pain to integrate realplayer and i don't like WinAmp much, thirdly it doesn't line up form input fields nicely like IE does, I can probably think of a few more, but there is no point, I'm not here to bash anyones software, I just prefer IE, plain and simple, don't get me wrong, I wouldn't know where to start to write my own browser, fair play to the chaps who have managed it, but I still prefer IE.
Look at it this way, I write music and run a record company, the software I use is Making Waves Audio, many say you should use Fruity Loop, or Acid Music, or Cubase or Reason or Audio Logic etc...
I have all those programs I can't make them do didley squat, the one I find I get on best with and achieve results is MWA, it's all down to preference.
I do have firefox installed and use it to check my sites to ensure W3C compliance, well to a degree, it's not just the browsers persae that miff me but some of the whole W3C stuff, a prime example is an image link with a style attached for the mouse pointer...
Code:
<img src="blah" style="cursor:hand" onclick="window.open(blah blah);">
Code:
<img src="blah" style="cursor:pointer" onclick="window.open(blah blah);">there are many other idiosyncrasies between W3C and common sense and I feel it's partly to do with the community on a Microsoft bashing spree, either way i appreciate there needs to be a standard to enable compatibility across the board.
anyhow back to my problem.
I wrote a script to enable me to have someone submit a form to my script which reads the form info and merges it with the template placed in the user interface part of the system.
This then emails you the form submitted with all the data including populating drop down lists with just the user selection, checkboxes ticked as per the user etc..
basically you get an email which is the exact copy of the form filled in with the user info.
The way I authenticate is checking if the program was called using the form from a domain that is acceptable (I have many companies using my system), so I check the HTTP_REFERER to ensure it was only the form from the corresponding authorised domain that made the call.
This way no-one can submit their own forms using my script or any of the other domains, even though i have an account I still could not submit a form from my domain trying to use another companies template.
hope that makes sense.
P.S. I think firefox sux, firstly because it is SLOW, secondly because it is a pain to integrate realplayer and i don't like WinAmp much, thirdly it doesn't line up form input fields nicely like IE does, I can probably think of a few more, but there is no point, I'm not here to bash anyones software, I just prefer IE, plain and simple, don't get me wrong, I wouldn't know where to start to write my own browser, fair play to the chaps who have managed it, but I still prefer IE.
Look at it this way, I write music and run a record company, the software I use is Making Waves Audio, many say you should use Fruity Loop, or Acid Music, or Cubase or Reason or Audio Logic etc...
I have all those programs I can't make them do didley squat, the one I find I get on best with and achieve results is MWA, it's all down to preference.
As a developer, you have a problem to fix. The problem is:
Problem: Your site doesn't work with x,y, and z
You have a choice of answers:
1) Fix the site so it does work with x,y and z
2) Tell people who use x,y and z not to use your site
If, as you seem to have done, and gone with answer #2 then I think you may run into a lot of problems. I don't know your user base, and they may well accept this as an answer, but my experiences of users suggest that they won't.
I think foamcow summed it up quite well with :
Also, saying that firefox is a "rubbish browser" is quite simply one opinion that isn't shared by most of the other 64 million users who have downloaded the browser. I too, would like to hear your comments on why you think this, and which browser you currently use (that doesn't share the same problems that you think firefox does).
____________________________________________________________
Need help finding an answer?
Try the Search Facility or read FAQ222-2244 on how to get better results.
Problem: Your site doesn't work with x,y, and z
You have a choice of answers:
1) Fix the site so it does work with x,y and z
2) Tell people who use x,y and z not to use your site
If, as you seem to have done, and gone with answer #2 then I think you may run into a lot of problems. I don't know your user base, and they may well accept this as an answer, but my experiences of users suggest that they won't.
I think foamcow summed it up quite well with :
Rather than loooking to alienate your users, I think that as a developer you should do whatever you can to help them regardless of how they want to access your site (i.e. answer #1).
Also, saying that firefox is a "rubbish browser" is quite simply one opinion that isn't shared by most of the other 64 million users who have downloaded the browser. I too, would like to hear your comments on why you think this, and which browser you currently use (that doesn't share the same problems that you think firefox does).
____________________________________________________________
Need help finding an answer?
Try the Search Facility or read FAQ222-2244 on how to get better results.
- Thread starter
- #16
I think you must have been writing this while i posted my reply.
And you should read more clearly, I stated I opted for the choice to remove the HTTP_REFERER for the specific application that caused the problem and wrote a whole new script to do what was needed, alot of work for so far only 1 complaint in 2 years, not bad, but I put my users first!
Also what sort of maths and logic are you working on
Prime example "Yahoo Toolbar", now that by default is loaded when you download Adobe Acrobat, I think more than 64 million people have downloaded it don't you and probably 63 million 999 thousand like me removed it the minute i opened my browser and saw it there - I hate tool bars also, but if people want those obtrusive things taking up valuable screen space in your browser well that's up to you!
And you should read more clearly, I stated I opted for the choice to remove the HTTP_REFERER for the specific application that caused the problem and wrote a whole new script to do what was needed, alot of work for so far only 1 complaint in 2 years, not bad, but I put my users first!
Also what sort of maths and logic are you working on
hmm strange delusions you have if you think just because 64 million people download a program, that 64 million are using it.
Prime example "Yahoo Toolbar", now that by default is loaded when you download Adobe Acrobat, I think more than 64 million people have downloaded it don't you and probably 63 million 999 thousand like me removed it the minute i opened my browser and saw it there - I hate tool bars also, but if people want those obtrusive things taking up valuable screen space in your browser well that's up to you!
ThatRickGuy
Programmer
Actually, someone did a real nice summary comparing IE 5.5, 6.0, FF 1, Netscape, Opera, Safari, and a few others. They went through the effort of timing initial start up times, repeat start up times, content rendering, memory use, and all sorts of goodies. If I recall correctly, FF was faster then IE in all but one situation (repeat start up maybe?)
After years of car work and racing, I can assure you that that the 'ass-o-meter' (judging time/speed/power by the seat of your pants) is highly inaccurate, and unless you pull out a stop watch to prove your theory, it won't hold up.
Hmm, not sure about that. I watched a real player movie in my FF browser just 2 nights ago. Looked and performed identical to my IE browser.
That is actually a flaw on IE's side. IE is not completely conformed to the w3c's standards. While it may be 'handy' that IE lines up the content correctly in this case, it will quickly become a headache when trying to line the content up in your own layout.
-Rick
VB.Net Forum forum796 forum855 ASP.NET Forum
![[monkey]](/data/assets/smilies/monkey.gif "[monkey] [monkey]")
I believe in killer coding ninja monkeys.- Thread starter
- #18
I'm not interested in nanoseconds, I use my eyes and I assure you FF is slower MUCH slower in rendering pages.
As for movies I don't know because I couldn't get it to work for MP3's even when downloading the extra plug in you have to get to make realplayer work, none of these problems have I had in I.E.
How is it looking nice in IE and crap in FF a flaw in IE ? the mind boggles how people come to their conclusions.
But anyway I didn't come here to argue over FF, IE or any other, I use IE and recommend others should , why because it WORKS! period! whether that is by design, flaw, bug or any other force in the world at the end of the day it works! no hastle, no plugins, no problem.
If people want to use other software outside of propriety software supplied for free by the OS manufacturer, then that's fine, but don't expect others to have to support it.
I refuse to spend anytime whatsoever on making my site compatible with AOL, if you want to use the AOL browser fine, but if my site doesn't work, I don't care, that's your problem!
As for movies I don't know because I couldn't get it to work for MP3's even when downloading the extra plug in you have to get to make realplayer work, none of these problems have I had in I.E.
How is it looking nice in IE and crap in FF a flaw in IE ? the mind boggles how people come to their conclusions.
But anyway I didn't come here to argue over FF, IE or any other, I use IE and recommend others should , why because it WORKS! period! whether that is by design, flaw, bug or any other force in the world at the end of the day it works! no hastle, no plugins, no problem.
If people want to use other software outside of propriety software supplied for free by the OS manufacturer, then that's fine, but don't expect others to have to support it.
I refuse to spend anytime whatsoever on making my site compatible with AOL, if you want to use the AOL browser fine, but if my site doesn't work, I don't care, that's your problem!
If you read my post properly, you will see that I don't say there are 64 million people using it. I am under no illusions that everyone uses the browser and if you take the time to read carefully what I actually said, it was "is quite simply one opinion that isn't shared by most of the other 64 million users who have downloaded the browser". Not once do I mention 64 million people who use the browser.
Hmm, I think find you'll find that if you go back over your posts, your original statement was actually that you would just "tell the user they can't use firefox". You may have done this later on but my post was quite obviously referring to the original statement (hence the Q&A scenario).
What I, and everyone else who has posted here apart from yourself, is trying to say is that simply telling a user to do something a different way isn't the best option. The best option is to try and accomodate as many users as possible (and you seem to have now followed our advice by attempting to do by creating a "new script").
____________________________________________________________
Need help finding an answer?
Try the Search Facility or read FAQ222-2244 on how to get better results.
I don't see how you can compare downloading Firefox to Yahoo Toolbar. Like you stated, Yahoo Toolbar is by default downloaded as a bundled software package when you get Adobe Acrobat. That said, anybody that uses Adobe Acrobat is going to get the Yahoo Toolbar whether they want it or not. So to compare the people that are using a program that they opt to download (Firefox) to a program that that they get whether they want it or not (Yahoo Toolbar) doesn't hold any weight.
A better comparison would be made to Adobe Acrobat itself, because that's the primary software in the download. How many of the millions of people that downloaded Acrobat actually use it? I'd guess most of them do. And I imagine most of the people that took the effort to download Firefox use it regularly as well. You're comparing apples and oranges.
For the record, your mouse turns from an arrow into a pointer. And if you think Firefox "sux" just because you can't develop in it, then you should place blame on something (or someone) other than the browser.
-kaht
...looks like you don't have a job, so why don't you get out there and feed Tina.
![[rockband]](/data/assets/smilies/rockband.gif "[rockband] [rockband]")
A better comparison would be made to Adobe Acrobat itself, because that's the primary software in the download. How many of the millions of people that downloaded Acrobat actually use it? I'd guess most of them do. And I imagine most of the people that took the effort to download Firefox use it regularly as well. You're comparing apples and oranges.
For the record, your mouse turns from an arrow into a pointer. And if you think Firefox "sux" just because you can't develop in it, then you should place blame on something (or someone) other than the browser.
-kaht
...looks like you don't have a job, so why don't you get out there and feed Tina.
- Status
Similar threads
- Locked
- Question
- Locked
- Question
- Locked
- Question