通过重定向更改 http-referer
我们正在注册一个使用 http-referer 作为身份验证的在线资源(我知道这是个坏主意),以证明请求来自我们的内联网(IP 地址对此不可用,因为有更高级别的代理)。
不幸的是,他们的系统可能需要特定的引用 URL,而不是域名。这意味着当我们想要从不同页面链接到资源时,我们需要向他们注册另一个 URL,或者链接到他们必须再次点击的有效启动页面。
如果我们需要沿着这条路线走下去,我想让它尽可能不引人注目,所以想知道实现以下目标的最佳方法是什么:
http://intranet/somerandomurl有一个链接到http://intranet/AuthorizedUrl,它需要成为http://externalsite/
的引荐来源网址有没有办法做到这一点,而不会让人们点击关联? (如果有帮助的话,绝大多数浏览器将是 IE6 或 IE7,如果有些需要点击链接,但我可以使用 JS,我对此表示同意)。
We are signing up to an online resource that uses http-referer as authentication (bad idea, I know) to prove that the request comes from our intranet (IP address is not available for this as there is a higher level proxy).
Unfortunately it might be that their system requires a specific referer URL rather than taking the domain. This will mean when we want to link to the resource from a different page we will need to either register yet another URL with them or link to effectively a splash page they have to click through again.
If we need to go down this route I'd like to make it as unnoticeable as possible and so was wondering what the best approach would be to achieve the following:
http://intranet/somerandomurlhas a link tohttp://intranet/AuthorisedUrlwhich needs to be the referrer tohttp://externalsite/
Is there any way to do this without literally making people click on a link? (the vast majority of browsers will be IE6 or IE7 if that helps, if some need to click on the link but I can use JS for most I'm ok with that).
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
将此代码放在链接 2 上。对于启用了 JavaScript 的用户,
这会将其重定向到 http://example.com/ 一旦执行。尽可能早地将其放在
中,以便在页面加载时尽可能早地进行重定向。然后,只需在页面上为那些禁用 JavaScript 的页面添加一个手动链接即可。
无论哪种方式,链接 2 将成为外部站点的引荐来源网址。
(警告:这是一种非常非常不安全的身份验证方法。)
编辑:看起来存在一个已知问题,某些 IE 版本在 javascript 重定向后未传递
Referer标头。这是解决方法:http ://webbugtrack.blogspot.com/2008/11/bug-421-ie-fails-to-pass-http-referer.htmlPut this code on link 2. For those with JavaScript enabled,
This will redirect them to http://example.com/ as soon as it executes. Put this as early on within the
<head>as possible, so that the redirect occurs as early in the page loading as possibleThen just put a manual link on the page for those with JavaScript disabled.
Either way, link 2 will be the referrer for externalsite.
(Caveat: This is a really, really unsecure method of authentication.)
EDIT: It looks like there's a known issue with some IE versions not passing a
Refererheader after javascript redirects. Here is the workaround: http://webbugtrack.blogspot.com/2008/11/bug-421-ie-fails-to-pass-http-referer.html