通过重定向更改 http-referer

发布于 2024-09-17 10:16:52 字数 519 浏览 7 评论 0原文

我们正在注册一个使用 http-referer 作为身份验证的在线资源(我知道这是个坏主意),以证明请求来自我们的内联网(IP 地址对此不可用,因为有更高级别的代理)。

不幸的是,他们的系统可能需要特定的引用 URL,而不是域名。这意味着当我们想要从不同页面链接到资源时,我们需要向他们注册另一个 URL,或者链接到他们必须再次点击的有效启动页面。

如果我们需要沿着这条路线走下去,我想让它尽可能不引人注目,所以想知道实现以下目标的最佳方法是什么:

  1. http://intranet/somerandomurl 有一个链接到
  2. http://intranet/AuthorizedUrl ,它需要成为
  3. http://externalsite/

的引荐来源网址有没有办法做到这一点,而不会让人们点击关联? (如果有帮助的话,绝大多数浏览器将是 IE6 或 IE7,如果有些需要点击链接,但我可以使用 JS,我对此表示同意)。

We are signing up to an online resource that uses http-referer as authentication (bad idea, I know) to prove that the request comes from our intranet (IP address is not available for this as there is a higher level proxy).

Unfortunately it might be that their system requires a specific referer URL rather than taking the domain. This will mean when we want to link to the resource from a different page we will need to either register yet another URL with them or link to effectively a splash page they have to click through again.

If we need to go down this route I'd like to make it as unnoticeable as possible and so was wondering what the best approach would be to achieve the following:

  1. http://intranet/somerandomurl has a link to
  2. http://intranet/AuthorisedUrl which needs to be the referrer to
  3. http://externalsite/

Is there any way to do this without literally making people click on a link? (the vast majority of browsers will be IE6 or IE7 if that helps, if some need to click on the link but I can use JS for most I'm ok with that).

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

一直在等你来 2024-09-24 10:16:52

将此代码放在链接 2 上。对于启用了 JavaScript 的用户,

 <script type="text/javascript">

window.location = "http://example.com/"

</script>

这会将其重定向到 http://example.com/ 一旦执行。尽可能早地将其放在 中,以便在页面加载时尽可能早地进行重定向。

然后,只需在页面上为那些禁用 JavaScript 的页面添加一个手动链接即可。

无论哪种方式,链接 2 将成为外部站点的引荐来源网址。

(警告:这是一种非常非常不安全的身份验证方法。)


编辑:看起来存在一个已知问题,某些 IE 版本在 javascript 重定向后未传递 Referer 标头。这是解决方法:http ://webbugtrack.blogspot.com/2008/11/bug-421-ie-fails-to-pass-http-referer.html

Put this code on link 2. For those with JavaScript enabled,

 <script type="text/javascript">

window.location = "http://example.com/"

</script>

This will redirect them to http://example.com/ as soon as it executes. Put this as early on within the <head> as possible, so that the redirect occurs as early in the page loading as possible

Then just put a manual link on the page for those with JavaScript disabled.

Either way, link 2 will be the referrer for externalsite.

(Caveat: This is a really, really unsecure method of authentication.)


EDIT: It looks like there's a known issue with some IE versions not passing a Referer header after javascript redirects. Here is the workaround: http://webbugtrack.blogspot.com/2008/11/bug-421-ie-fails-to-pass-http-referer.html

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文