Getting the Referer |
[eluser]taewoo[/eluser]
This might be a generic PHP question but since CI is so smart, I figured there might be a way around this.. According to the PHP official documention, $_SERVER['HTTP_REFERER'] is basically useless: Quote:'HTTP_REFERER' Is there an accurate way of getting the referer with CI? Can this done outside of CI somehow (i.e. maybe with Javascript?)
[eluser]Pascal Kriete[/eluser]
I'm afraid the answer is no. As the manual correctly states it's set by the user agent (the browser). The servers have no way of knowing where you've been. HTTP_REFERER is your best bet, just don't rely on it to work consistently.
[eluser]Glen Swinfield[/eluser]
HTTP_REFERER will not work if the user types the address of a page into their browser. Also you should probably be using HTTP_REFERER to provide convenience to the user - if they alter the return value and break their experience on your site - that's not your fault. I always create a 'safe' page that users are redirected to sould HTTP_REFERER not be set - or not contain the data expected.
[eluser]taewoo[/eluser]
Thanks Glen and inparo. The reason for my question is that I have a embeddable widget written that makes a call to my server... which checks to see if the REFERER is an authorized one.
[eluser]Glen Swinfield[/eluser]
In that case it isn't adequate - you can't rely on something that is so easily spoofable. Perhaps you should be posting to the widget and passing secure data in $_POST (a hash or something) to prove it is a genuine form from your server/specific page. It's more complicated than just using REFERER I'm afraid.
[eluser]beemr[/eluser]
You could always use the session class. Just make sure that you set a variable to $this->session->userdata('lasturi') before you reset the value. Code: $this->session->set_userdata('lasturi',$this->CI->uri->uri_string());
[eluser]beemr[/eluser]
[quote author="taewoo" date="1206136561"]Thanks Glen and inparo. The reason for my question is that I have a embeddable widget written that makes a call to my server... which checks to see if the REFERER is an authorized one.[/quote] Nevermind. Didn't see why you were looking for referrer. Couldn't your embed object (is it like a Google gadget?) just render javascript to set a hidden field? Code: <input type="hidden" name="referrer" value="" />
[eluser]taewoo[/eluser]
Thanks beemr. Yes.. just like Google maps. If you embed it into a site that doesn't match the domain you signed up for originally, it won't run.
[eluser]dalehurley[/eluser]
As I only care about the page the user comes from within the site, I Created a lib referrer.php and auto load it. Code: <?php if (!defined('BASEPATH')) exit('No direct script access allowed'); |
Welcome Guest, Not a member yet? Register Sign In |