[thelist] Netscape 6.1: No referer in https mode
Andrew Clover
and at doxdesk.com
Wed Jan 23 08:49:47 CST 2002
> I tested it after I found out to my horror that a signup form doesn't
> work with this browser - AuthorizeNet requires a valid referer!
I would complain to AuthorizeNet. I don't know if Mozilla sends no
referrer info deliberately (can't find anythign about it in Bugzilla),
but it's perfectly valid for a browser to send no Referer: header, or
for it to be stripped out by proxies, and so on. It's an optional header.
Many people use referrer checks as a security measure, but then they're
idiots because it's trivially easy to fake it. If AuthorizeNet are relying
on them that's very disappointing.
--
Andrew Clover
mailto:and at doxdesk.com
http://and.doxdesk.com/
More information about the thelist
mailing list