[thelist] Netscape 6.1: No referer in https mode
muinar
muinar at gmx.net
Wed Jan 23 10:22:22 CST 2002
Thanks Andrew
At 14:48 23.01.02 +0000, you wrote:
> > I tested it after I found out to my horror that a signup form doesn't
> > work with this browser - AuthorizeNet requires a valid referer!
>
>I would complain to AuthorizeNet. I don't know if Mozilla sends no
>referrer info deliberately (can't find anythign about it in Bugzilla),
I checked with a little PHP script and voilà - NS 6.1 and 6.2 didn't
send any referer data, while I got a perfect URL from other browsers.
>but it's perfectly valid for a browser to send no Referer: header, or
>for it to be stripped out by proxies, and so on. It's an optional header.
Didn't know that. But true - AuthorizeNet requires me so far to set up
referer URLs. I thought that this is really a major payment service provider,
so I wonder how others are setting it up. Are new NS versions simply left out
by AuthorizeNet credit card payments? Or is there still something I'm
overlooking?
>Many people use referrer checks as a security measure, but then they're
>idiots because it's trivially easy to fake it. If AuthorizeNet are relying
>on them that's very disappointing.
>
>--
>Andrew Clover
>mailto:and at doxdesk.com
>http://and.doxdesk.com/
More information about the thelist
mailing list