Re: POST without any content - sometimes
On Sat, 16 Feb 2002 08:40:12 +0100 Anders Knuts [EMAIL PROTECTED] wrote: Yes of course it is referer, my mistake thanx The _referer_ should be my own server, since it is from where the POST originate, but in this particular case, from this IP-adress, the referer disapears sometimes... Bug (or feature) of the Brwoser? Anyway, you can't rely on Referer: header for validation of the data, as you can spoof it easily. -- Tatsuhiko Miyagawa [EMAIL PROTECTED]
Re: POST without any content - sometimes
I don't think it's the users browser since I got one POST with referer and one POST without with only three seconds between. The user runs vanilla Win XP with MS IE5.5. I think there is a Norton Personal firewall in between, maybe there's the problem? Maybe the best thing to do is to make the script accept POSTs without referer and forget tho whole thing? On the other hand I'm a curious person :-) /Anders Tatsuhiko Miyagawa skrev: On Sat, 16 Feb 2002 08:40:12 +0100 Anders Knuts [EMAIL PROTECTED] wrote: Yes of course it is referer, my mistake thanx The _referer_ should be my own server, since it is from where the POST originate, but in this particular case, from this IP-adress, the referer disapears sometimes... Bug (or feature) of the Brwoser? Anyway, you can't rely on Referer: header for validation of the data, as you can spoof it easily. -- Tatsuhiko Miyagawa [EMAIL PROTECTED] -- Anders Knuts [EMAIL PROTECTED] -Varför använda en massa främmande ord när det finns en adekvat svensk vokabulär?-
Re: POST without any content - sometimes
On Sat, 2002-02-16 at 01:43, Anders Knuts wrote: I don't think it's the users browser since I got one POST with referer and one POST without with only three seconds between. The user runs vanilla Win XP with MS IE5.5. I think there is a Norton Personal firewall in between, maybe there's the problem? I don't know about Personal Firewall, but Norton Internet Security does indeed strip off referer tags. We discovered this at work while debugging a similar problem. This is part of the Privacy Control component -jon -- [EMAIL PROTECTED] || www.divisionbyzero.com gpg key: www.divisionbyzero.com/pubkey.asc think i have a virus? www.divisionbyzero.com/pgp.html You are in a twisty little maze of Sendmail rules, all confusing. signature.asc Description: This is a digitally signed message part