CodeIgniter Forums
https referer - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forum-20.html)
+--- Forum: Archived General Discussion (https://forum.codeigniter.com/forum-21.html)
+--- Thread: https referer (/thread-11985.html)



https referer - El Forum - 10-01-2008

[eluser]vile[/eluser]
hi,

why is it that when the referrer came from a https the $_server['http_referer'] is empty but if it came from http its working? thanks


https referer - El Forum - 10-01-2008

[eluser]Phil Sturgeon[/eluser]
Must be a security thing? Keeps your online secure history secret from the next server you visit.


https referer - El Forum - 10-01-2008

[eluser]GSV Sleeper Service[/eluser]
from the PHP manual.

'HTTP_REFERER'
The address of the page (if any) which referred the user agent to the current page. This is set by the user agent. Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted.

also, are you using IE?
http://support.microsoft.com/kb/178066


https referer - El Forum - 10-01-2008

[eluser]vile[/eluser]
is there any way i can get http_referer from https? thanks for fast reply


https referer - El Forum - 10-01-2008

[eluser]GSV Sleeper Service[/eluser]
not reliably, no. some proxies strip out the referer, and you can tell firefox (and possibly other browsers) not to send referers.


https referer - El Forum - 10-01-2008

[eluser]vile[/eluser]
ok thanks.


https referer - El Forum - 10-01-2008

[eluser]Frank Berger[/eluser]
The http RFC states for this:

Clients SHOULD NOT include a Referer header field in a (non-secure) HTTP request if the referring page was transferred with a secure protocol.

see here:
http://www.w3.org/Protocols/rfc2616/rfc2616-sec15.html#sec15.1.3

That means that if you switch from a https: link to a http: link, no referer will be set by any browser. Furthermore, in Mozilla based browsers (Netscape, Firefox and so on) it is a configurable setting if referer is set between https: and https: links:
http://kb.mozillazine.org/Network.http.sendSecureXSiteReferrer

I suppose other clients have similar rules put in, besides the fact that most have the general setting of a referer as a optional setting. I suppose as well that the private/porn modes in Safari, IE8 and Googles new browser wont set a referer as well.

The short and ugly is, as stated above, don't use/rely on referer. I don't think i used that header since like 1999 in any of my applications/websites and was able to do all i needed to do.

cheers
Frank


https referer - El Forum - 10-01-2008

[eluser]Colin Williams[/eluser]
Good stuff, Frank. If you need to communicate something from a secured section to a non-secure section, use sessions.


https referer - El Forum - 11-02-2012

[eluser]kimme[/eluser]
$_SERVER is an array which contain information. This information is related to the headers, paths, and script locations. Entries of the array is created by the web server.Through the use of a command-line tool and IIs HTTP/HTTPS settings are configured. Command-line tool is use when a WCF service is self-hosted.