You could try (on the calling page) writing a session variable for the
current page, then call that variable instead of cgi.http_referrer
-Original Message-
From: Coldfusion [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 29, 2006 9:18 PM
To: CF-Talk
Subject: RE: cgi.HTTP_REFERER
Why
Colman [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 29, 2006 7:22 PM
To: CF-Talk
Subject: RE: cgi.HTTP_REFERER
Calling page is:
cflocation url=test_ref.cfm
Still not working.
~|
Message: http://www.houseoffusion.com/lists.cfm
, 2006 5:06 AM
To: CF-Talk
Subject: RE: cgi.HTTP_REFERER
You could try (on the calling page) writing a session variable for the
current page, then call that variable instead of cgi.http_referrer
-Original Message-
From: Coldfusion [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 29, 2006 9
: 703-300-3911
-Original Message-
From: Andy Matthews [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 30, 2006 11:09 AM
To: CF-Talk
Subject: RE: cgi.HTTP_REFERER
But what if he doesn't have control over the calling page?
!//--
andy matthews
web developer
ICGLink, Inc
A lot of software blocks this variable, like firewalls and stuff.
Http_referer is useful, but you can't rely on it being there.
-Original Message-
From: Richard Colman [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 29, 2006 2:33 PM
I am trying to get this to work, and the simple
cfif cgi.HTTP_REFERER IS NOT
cgi variable exists
cfelse
cgi variable does not exist
/cfif
cfoutput#CGI.HTTP_REFERER#/cfoutput
However I am not getting anything back in the cgi variable.
Any comments appreciated.
Rick Colman
Just to eliminate any other kind of white space
what is the result of the conditional?
the variable will always exist. there should (i believe) always be a
key in the CGI scope (struct) for cgi.http_referer. However, the
value of that key could be an empty string (if the user bookmarked the
page, typed it in manually, etc).
On 3/29/06,
This is kind of like asking to make sure your computer is plugged in (so
you've probably already checked this) but it will be empty if you didn't
actually have a referrer (as in, you browse directly to the page).
On 3/29/06 10:38 PM, Ian Skinner [EMAIL PROTECTED] wrote:
cfif cgi.HTTP_REFERER
cfif IsDefined(CGI.HTTP_REFERER) checks for it's existence
Actually, I'm pretty sure that IsDefined always returns true for any CGI
variable, whether it actually exists or not. For example, this would return
true:
cfif IsDefined(CGI.I_MADE_THIS_UP)
Dave Watts, CTO, Fig Leaf Software
cfif IsDefined(CGI.HTTP_REFERER) checks for it's existence
Actually, I'm pretty sure that IsDefined always returns true for any CGI
variable, whether it actually exists or not. For example, this would return
true:
cfif IsDefined(CGI.I_MADE_THIS_UP)
Dave Watts, CTO, Fig Leaf Software
For that matter (and I know this is a bit off the original point),
cgi.jimmyhoffa will always exist. The cgi scope is really funny that
way, everything exists there.
--Ferg
Charlie Griefer wrote:
what is the result of the conditional?
the variable will always exist. there should (i
WTF!! Dave may kindly ask if you have any insight into the
logic behind that little gem? ;-)
I can only speculate, but the set of CGI variables is dependent on the
browser and the server, so my presumption is that they did this to reduce
errors when checking CGI variables. I think it's kind
cfif IsDefined(CGI.I_MADE_THIS_UP)
Dave Watts, CTO, Fig Leaf Software
WTF!! Dave may kindly ask if you have any insight into the logic behind that
little gem? ;-)
Thanks
CGI is a bit of a bastard because different web server software will return
deferent lists. This can be confounded
Thanks DaveI'm not sure I'd use the word sillybut I hear ya ;-)
Bryan Stevenson B.Comm.
VP Director of E-Commerce Development
Electric Edge Systems Group Inc.
phone: 250.480.0642
fax: 250.480.1264
cell: 250.920.8830
e-mail: [EMAIL PROTECTED]
web: www.electricedgesystems.com
Also you have to be going to that page from another page for it to have a
value...
Eric
snipped
~|
Message: http://www.houseoffusion.com/lists.cfm/link=i:4:236505
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Calling page is:
cflocation url=test_ref.cfm
Still not working.
-Original Message-
From: Charles Sheehan-Miles [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 29, 2006 7:43 AM
To: CF-Talk
Subject: Re: cgi.HTTP_REFERER
This is kind of like asking to make sure your computer is plugged
Calling page is:
cflocation url=test_ref.cfm
Still not working.
I don't think that the Referer header is passed when you redirect using
CFLOCATION.
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
Fig Leaf Software provides the highest caliber vendor-authorized
instruction at
, March 29, 2006 8:57 PM
To: CF-Talk
Subject: RE: cgi.HTTP_REFERER
Calling page is:
cflocation url=test_ref.cfm
Still not working.
I don't think that the Referer header is passed when you redirect using
CFLOCATION.
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
Fig Leaf Software
Donnie:
The Referer header is optional.HTTP Clients are not required to send the
header or, if they do, are not required to be truthful about the data
specified by the header.Additionally, a lot of systems along the path of
the HTTP connection (firewalls, gateways, etc.) can strip the header
Sending a referrer is entirely up to the browser/system - most home firewall
software will prevent referrers from being sent for example.
You really should never use referrer as security mechanism it's just not
reliable enough.
Jim Davis
I am trying to check the CGI.HTTP_REFERER variable to
So, any ideas on the best way to keep outside sites from submitting my
forms?
-Original Message-
From: Mosh Teitelbaum [mailto:[EMAIL PROTECTED]
Sent: Monday, July 12, 2004 10:50 AM
To: CF-Talk
Subject: RE: CGI.HTTP_REFERER is blank!
Donnie:
The Referer header is optional.HTTP Clients
proxy server ;-)
Bryan Stevenson B.Comm.
VP Director of E-Commerce Development
Electric Edge Systems Group Inc.
t. 250.920.8830
e. [EMAIL PROTECTED]
-
Macromedia Associate Partner
www.macromedia.com
Internet Privacy software will strip out the referrer oftentimes.With all
of the privacy issues and the software to address them, it might not be a
good idea to rely on CGI.HTTP_REFERERespecially since it can be forged
easily.
Marlon
-Original Message-
From: Donnie Carvajal
Donnie:
There's been a lot of discussion on this topic in the past.You can check
the House Of Fusion archives for them.
In general, the best method I've heard of is dynamically generating a unique
value on form display that needs to be submitted to the form processing
page.Basically, when the
Norton Internet Security and similar products will strip it.
-Original Message-
From: Donnie Carvajal [mailto:[EMAIL PROTECTED]
Sent: Monday, July 12, 2004 10:41 AM
To: CF-Talk
Subject: CGI.HTTP_REFERER is blank!
I am trying to check the CGI.HTTP_REFERER variable to keep outside sites
Donnie Carvajal wrote:
So, any ideas on the best way to keep outside sites from submitting my
forms?
Try using ticketmaster to buy some tickets, you'll see what is probably
one of the more effective methods... then scan the list archives for the
many discussions on methods of doing it.=)It's
A firewall would have to _strip_ the referer header from
the HTTP request... a lot of work, and I can't imagine what
additional security would be gained from doing this.
Imagine that you've got a relatively unsavory site with a bunch of links to
less unsavory sites. You might not want to
The syntax on the first one is correct. Are you referencing it after a page
request or form submittal?
Douglas Brown
Email: [EMAIL PROTECTED]
- Original Message -
From: Cornillon, Matthieu [EMAIL PROTECTED]
To: CF-Talk [EMAIL PROTECTED]
Sent: Saturday, July 27, 2002 3:49 PM
Subject:
into
this with my IT department.
Thanks anyway,
Matthieu
-Original Message-
From: Douglas Brown [mailto:[EMAIL PROTECTED]]
Sent: Saturday, July 27, 2002 7:05 PM
To: CF-Talk
Subject: Re: CGI.HTTP_REFERER
The syntax on the first one is correct. Are you referencing it after a page
request or form
]
Sent: Saturday, July 27, 2002 4:48 PM
Subject: RE: CGI.HTTP_REFERER
I'm checking it in my Application.cfm. I want to see whether the page
before the current page is from my site or not. If not, I want to do
something different. I am guessing that my company's firewall is set to
block outgoing
Which web server and version of CF are running on this server? On my CF5/IIS5
server, I always have the exact same set of CGI variable (including
CGI.HTTP_REFERER), but some of them will sometimes have a zero length string
as there value. A firewall would have to _strip_ the referer header from
Turn on Debugging on you development box. This should show
you all the values in the CGI scope.
Joe
-Original Message-
From: Cornillon, Matthieu [mailto:[EMAIL PROTECTED]]
Sent: Saturday, July 27, 2002 6:49 PM
To: CF-Talk
Subject: CGI.HTTP_REFERER
Okay. I'm stumped. I had this whole
Some firewalls (such as Norton's - I know this from personal experience),
block or change the http_referer that is sent from the browser to the
server. In the case or Norton, it gets changed to http_weferer, and consists
of a rather random looking alphabet soup.
Cheers,
Mark
Okay. I'm
PROTECTED]]
Sent: Sunday, 28 July 2002 1:09 PM
To: CF-Talk
Subject: Re: CGI.HTTP_REFERER
Some firewalls (such as Norton's - I know this from personal experience),
block or change the http_referer that is sent from the browser to the
server. In the case or Norton, it gets changed to http_weferer
, if you're planning an application that's going to need
http_referer, my advice is to re-think it!
Cheers,
Mike Kear
Windsor, NSW, Australia
AFP WebWorks
-Original Message-
From: mark brinkworth [mailto:[EMAIL PROTECTED]]
Sent: Sunday, 28 July 2002 1:09 PM
To: CF-Talk
Subject: Re
Save it as a variable?
Pete
- Original Message -
From: Jim Vosika [EMAIL PROTECTED]
To: CF-Talk [EMAIL PROTECTED]
Sent: Monday, July 08, 2002 6:19 PM
Subject: CGI.HTTP_REFERER
I currently use #CGI.HTTP_REFERER# to see the last page my user came
from, is there a way to look back 2
Message-
From: Pete Ruckelshaus [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 09, 2002 7:15 AM
To: CF-Talk
Subject: Re: CGI.HTTP_REFERER
Save it as a variable?
Pete
- Original Message -
From: Jim Vosika [EMAIL PROTECTED]
To: CF-Talk [EMAIL PROTECTED]
Sent: Monday, July 08, 2002 6:19
.
Cheers
From: Jim Vosika [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: CF-Talk [EMAIL PROTECTED]
Subject: RE: CGI.HTTP_REFERER
Date: Tue, 9 Jul 2002 08:03:45 -0500
I mean for pages out of my control. Like say the user first goes to a
google result page then clicks through to some website where
I doubt that you can do this without some assistance from the intervening
page. While browsers have a history object,
I currently use #CGI.HTTP_REFERER# to see the last page my user came
from, is there a way to look back 2 pages?
This is not exactly the same thing, but the following does
Not unless you pass the previous page as a variable of some sort (cookie, URL, form,
etc).
Kevin
[EMAIL PROTECTED] 07/08/02 03:19PM
I currently use #CGI.HTTP_REFERER# to see the last page my user came
from, is there a way to look back 2 pages?
Thanks!
Jim Vosika
http://tinyclick.com
I currently use #CGI.HTTP_REFERER# to see the last page my user came
from, is there a way to look back 2 pages?
Thanks!
Jim Vosika
I have never done this, but the javascript object model has a history object
which has the info you would need to know. Something like
window.history.go(-2) would
Short answer: Yes.
I've been running and logging referer tests for about 6 months now. I get
an email every time one fails, and record all initial 'incoming' visitors in
a db that logs, among other things, browser type and referer value.
Every once in a while I'll have a user get 'refered' in
this to happen?
Thank you again.
Sima
-Original Message-
From: Matt Robertson [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 02, 2001 12:35 PM
To: CF-Talk
Subject: Re: cgi.http_referer problem
Short answer: Yes.
I've been running and logging referer tests for about 6 months now. I
get
NT 5.0)
I guess we cannot do anything to prevent this to happen?
Thank you again.
Sima
-Original Message-
From: Matt Robertson [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 02, 2001 12:35 PM
To: CF-Talk
Subject: Re: cgi.http_referer problem
Short answer: Yes.
I've been running
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Chris,
I doubt there's an issue with the cgi.http_referer between secure
non secure.. It's just that their server (authorize.net) is doing an
HTTP POST to your server... just like in a CFHTTP post, you have the
option what you want to POST... I'm
Maybe you could try to capture the cgi.Server_Name or IP instead?
You may also want to look at the authorizenet merchant management section
though. Login and click on settings. Then select Manage URLs. You'll want to
configure this area.
-Gary
-Original Message-
From: Chris
Consulting Partner
210-490-3249/888-745-7603Fax 210-490-4692
-Original Message-
From: Aaron Johnson [mailto:[EMAIL PROTECTED]]
Sent: Thursday, December 14, 2000 3:46 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RE: CGI.HTTP_REFERER and SSL
-BEGIN PGP SIGNED MESSAGE
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
In the calling form, you could pass a hidden field w/ the name of the
form page.
Something like:
Cfoutput
input type="hidden" name="ReturnTo" value="#CGI.Script_Name#"
/cfoutput
Hope that helps.
Best regards,
Zac Bedell
-Original
:[EMAIL PROTECTED]]
Sent: Tuesday, August 22, 2000 2:09 PM
To: '[EMAIL PROTECTED]'
Subject: RE: #cgi.http_referer# and IE
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
In the calling form, you could pass a hidden field w/ the name of the
form page.
Something like:
Cfoutput
input type="hidden&
put#urlencodedformat(cgi.path_info)#?#urlencodedformat(cgi.que
ry_string)#/cfoutput"' cfif session.layout is "2"checked/cfif
!--- action to change layout ---
cfswitch expression="#attributes.fuseaction#"
cfcase value="changelayout"
cfset session.layout = "#a
50 matches
Mail list logo
