用于内部重定向的http_referer的最佳替代方案？

after discovering the unreliability of HTTP_REFERER, I was wondering what was the best alternative to indicate an operation the correct url of origin which then perform an internal redirect. After reading various topics I seemed to understand that only possible solutions are:

1) specify the referer url directly as a parameter of the operation.

2) create a custom referer storage system using session.

In my opinion, the first solution is logically more correct and free of contraindications. Using the second solution and storing the referrer in session on every page request is possible that using the site in the various tabs referrer stored does not correspond to the page where we're actually sending the operation; Despite this bug (in my opinion quite ugly) this second solution seemed the most recommended by experts. Why? Did I miss something? Thank you all for your attention and sorry for my low level of English.

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

1条回答默认最新

关注

码龄粉丝数原力等级 --

被采纳

被点赞

采纳率
dongying6659 2015-04-28 11:12
关注
storing the referrer in session on every page request is possible that using the site in the various tabs referrer stored does not correspond to the page where we're actually sending the operation; Despite this bug (in my opinion quite ugly) this second solution seemed the most recommended by experts

You could notify server to update session with current page before leaving - this way next loaded page will know what was the previous one without passing anything in URL.

That said though this solution still have some faults - it will break on any connection failure or if someone loads multiple pages in multiple tabs and requests go out of synch (it's relying on an assumption that between javascript sending request on leaving the page and server receiving request to load a next page nothing else occurs).

Best way would be to use both - this and HTTP_REFERER as a fall-back option.

Other than that mentioned passing of current pages in URL will do, but it's understandable why you try to avoid it.

解决无用
评论打赏
分享
举报

评论

按下Enter换行，Ctrl+Enter发表内容

报告相同问题？

关注问题

如何在PHP中正确使用$ _SERVER ['HTTP_REFERER']？ php
2016-03-26 19:52

回答 4 已采纳 I wouldnt recommend using HTTP_REFERER: It's fairly simple to manipulable in browser. Some users
$ _SERVER ['HTTP_REFERER']不在IE上工作 php
2018-10-31 13:12

回答 1 已采纳 Is this a known issue? Yes: 'HTTP_REFERER' The address of the page (if any) which r
JAVA访问php文件 - 类似于HTTP_REFERER？ java php
2013-08-02 20:01

回答 2 已采纳 The question depends on what HTTP library your client is using to access your stuff from Java. A
自己的php网站没有referer,缺少php – $_SERVER [‘HTTP_REFERER’]
2021-04-21 10:42

thehun attila的博客我想在我的网站使用$ _SERVER [‘HTTP_REFERER’]，但我得到以下：Notice: Undefined index: HTTP_REFERER我试过打印$ _SERVER。这将输出以下内容：Array([HTTP_HOST] => 192.168.1.10[HTTP_USER_AGENT] => ...
HTTP_REFERER和位置重定向 php
2011-08-31 15:23

回答 3 已采纳 Well, the HTTP_REFERER is set by the browser and if the browser chooses not to set it on a 302 red
如何将变量与HTTP_REFERER的第一部分进行比较？ http php
2014-09-28 09:17

回答 2 已采纳 To check the domain only: $yoursite = ""; //Your site url without http:// or www. $yoursite2 = ""
Codeigniter替代标题（'Location：'。$ _SERVER ['HTTP_REFERER']）; mysql php
2018-01-21 09:41

回答 2 已采纳 You ca load the User agent library and do this as well: redirect($this->agent->referrer());
$_SERVER $HTTP_SERVER_VARS错误解决办法
2019-07-16 14:54

ngapidemo的博客 $HTTP_SERVER_VARS在php官方5.4就 [已删除] $_SERVER – $HTTP_SERVER_VARS [已删除] — 服务器和执行环境信息说明 $_SERVER 是一个包含了诸如头信息(header)、路径(path)、以及脚本位置(script locations)等等信息...
$ _SERVER ['HTTP_REFERER']总是空的 - PHP php
2010-12-23 09:57

回答 2 已采纳 No way to do according to my requirement
是否通过HTTP_REFERER传递了URL的查询段？ [原文如此] http php
2014-01-30 11:20

回答 1 已采纳 From the tests that I have done on my end, local and across multiple servers, the parameters of th
如何在Zend Framework中获取HTTP_REFERER http php
2016-04-05 12:10

回答 1 已采纳 Got it, I'm using the wrong class. We need to use \Zend\Http\PhpEnvironment\Request() This one is
php iframe referer,【技术分享】通过iframe注入实现referer欺骗
2021-03-19 03:15

环球情报员的博客稿费：100RMB投稿方式：发送邮件至linwei#360.cn，或登陆网页版在线投稿前言去年我们提过一种很简单的在Edge上实现referer欺骗的技术，该技术允许我们实现referer欺骗甚至是绕过XSS过滤。今天我发现该问题被修复了，...
php中HTTP_REFERER的其他选项是什么？ html php
2010-06-01 08:08

回答 3 已采纳 This looks like it might be an X-Y problem. If X is How can I stop unauthorized websites fra
如何重定向到另一个网页？
2019-11-26 12:40

asdfgh0077的博客实现替代方案，以免丢失HTTP_REFERER。否则，您几乎总是可以简单地使用 window.location.href 。测试对 HTTP_REFERER （URL粘贴，会话等）可以在讲述一个请求是否合法，有益的。（请注意：还有一些...
PHP CURL CURLOPT参数说明(curl_setopt)
2019-11-15 14:34

Gan_1314的博客 CURLOPT_RETURNTRANSFER 选项： curl_setopt($ch, CURLOPT_RETURNTRANSFER,1); 如果成功只将结果返回，不自动输出任何内容。如果失败返回FALSE curl_setopt($ch, CURLOPT_RETURNTRANSFER,0);...PHP中C...
PHP curl_setopt函数
2019-07-28 22:30

Newbie@man的博客 curl_setopt — 设置一个cURL传输选项。为给定的cURL会话句柄设置一个选项。 bool curl_setopt ( resource $ch , ...CURLOPT_AUTOREFERER 当根据Location:重定向时，自动设置header中的Referer:信息。 CURLOPT_BINA...
如何重定向到另一个网页?
2018-05-16 12:05

dearbaba_8520的博客下面我们将实现IE8 & lower的一个替代方案，这样我们就不会失去HTTP_REFERER。否则，您几乎可以只使用window.location.href。 Testing against HTTP_REFERER (URL pasting, session, etc.) can be helpful...
angular设置referer_Angular-cli 构建应用的一些配置
2020-12-18 23:33

weixin_39633917的博客 #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' # '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"'; #access_log logs/access.log main...
【php中的curl】php中curl的详细解说
2017-07-15 11:45

铁柱同学的博客 PHP的curl操作，挺不错的文章，可以作为了解
没有解决我的问题, 去提问

悬赏问题

¥15 delta降尺度计算的一些细节，有偿
¥15 Arduino红外遥控代码有问题
¥15 数值计算离散正交多项式
¥30 数值计算均差系数编程
¥15 redis-full-check比较两个集群的数据出错
¥15 Matlab编程问题
¥15 训练的多模态特征融合模型准确度很低怎么办
¥15 kylin启动报错log4j类冲突
¥15 超声波模块测距控制点灯，灯的闪烁很不稳定，经过调试发现测的距离偏大
¥15 import arcpy出现importing _arcgisscripting 找不到相关程序

用于内部重定向的http_referer的最佳替代方案？

1条回答 默认 最新

悬赏问题

1条回答默认最新