[thelist] Netscape 6.1: No referer in https mode

Andrew Clover and at doxdesk.com
Wed Jan 23 08:49:47 CST 2002


> I tested it after I found out to my horror that a signup form doesn't
> work with this browser - AuthorizeNet requires a valid referer!

I would complain to AuthorizeNet. I don't know if Mozilla sends no
referrer info deliberately (can't find anythign about it in Bugzilla),
but it's perfectly valid for a browser to send no Referer: header, or
for it to be stripped out by proxies, and so on. It's an optional header.

Many people use referrer checks as a security measure, but then they're
idiots because it's trivially easy to fake it. If AuthorizeNet are relying
on them that's very disappointing.

-- 
Andrew Clover
mailto:and at doxdesk.com
http://and.doxdesk.com/




More information about the thelist mailing list