Redirects and referrers

Posted on 2024-10-06 03:25:26 · 706 words · 2 views · 0 comments

My actual implementation of this is much more complicated, with authentication and a bunch of other stuff, but at the simplest form, here's the problem I'm having. Redirecting with header doesn't reveal itself as a referer.

So, let's say I have three pages: start.php, middle.php and end.php

start.php

<html><body>
<a href="middle.php">middle</a>
</body></html>

middle.php

<?php
header('Location: end.php');
?>

end.php

<?php
    echo 'The referer is: ' . $_SERVER['HTTP_REFERER'];
?>

When you follow the link, you end up at end.php, but the referer is not middle.php. Is there any other redirection method I can use to correct this, or anything else I can do?

Cheers

EDIT
In this case, the destination page is a third party vendor. The only method they have to validate is from referring URL. I have no control over that. I just need my page that does the redirect to send the proper URL. Are there any alternatives to this redirection method, rather than picking apart the reasons not to trust http_referer?

Comments (6)

独享拥抱 2024-10-13 03:25:26

Sorry, but it's out of your control, only the browser can send that header - and not all do. It can be easily faked, so don't rely on it.

More information is available on this php bug (which was marked not a bug).

荒人说梦 2024-10-13 03:25:26

Since HTTP_REFERER is not trustworthy (could easily be modified from outside), you could easily store the last page visited in session after every request. Then easily retrieve it when reloading.

Meaning, loading the referrer as $referring_url = $_SESSION["referring_url"]. Then saving it $_SESSION["referring_url"] = $current_absolute_url; when ending each request.

Though, note that this could be a concurrency issue. Having parallel requests (using e.g. AJAX) could easily make the session believe that it came from a page that it actually didn't.

Retrieving the absolute path of the current request

不羁少年 2024-10-13 03:25:26

This question has popped up a number of times on SO (I can't find any dupes right now though), and I think always with the bottom line that it is not defined in a standard what a browser is to set the referrer to in this situation.

Is it an option to specify it explicitly using a GET parameter or something?

始于初秋 2024-10-13 03:25:26

I would suggest something like this:

header('Location: end.php?from=' . urlencode($_SERVER['PHP_SELF']));

And then in the page where you want to know from where the redirect was issued:

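// $_GET values are already URL-decoded by PHP; escape the value before echoing it into HTML
echo 'redirected from ' . htmlspecialchars($_GET['from'], ENT_QUOTES, 'UTF-8');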
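
A plain `from` parameter can be edited by whoever follows the link, just as the Referer header can be faked. The sketch below is an added example, not part of the original answer: it signs the parameter with an HMAC so the destination can check that the redirect really came from middle.php. It assumes both pages share a secret, so it only applies where the destination cooperates; `SECRET_KEY`, `MAX_AGE`, `sign_from()` and `verify_from()` are hypothetical names and the key and timestamp are constructed samples.

```php
<?php
// Added example (not from the thread). All names below are hypothetical.
const SECRET_KEY = 'constructed-sample-key-change-me'; // shared by both pages
const MAX_AGE = 60; // seconds a signed redirect stays valid

// middle.php side: build the redirect target with a signed origin.
// In a real page: header('Location: ' . sign_from($_SERVER['PHP_SELF'], time()));
function sign_from(string $from, int $now): string
{
    // ts is digits only, so "from|ts" is unambiguous even if $from contains '|'
    $mac = hash_hmac('sha256', $from . '|' . $now, SECRET_KEY);
    return 'end.php?' . http_build_query(['from' => $from, 'ts' => $now, 'mac' => $mac]);
}

// end.php side: return the origin only if the MAC matches and is fresh.
function verify_from(array $query, int $now): ?string
{
    $from = $query['from'] ?? null;
    $ts   = $query['ts'] ?? null;
    $mac  = $query['mac'] ?? null;
    if (!is_string($from) || !is_string($mac) || !is_string($ts) || !ctype_digit($ts)) {
        return null; // missing or malformed parameters
    }
    $expected = hash_hmac('sha256', $from . '|' . $ts, SECRET_KEY);
    if (!hash_equals($expected, $mac)) {
        return null; // constant-time compare failed: value was altered or forged
    }
    if ((int)$ts > $now || $now - (int)$ts > MAX_AGE) {
        return null; // timestamp in the future or link too old
    }
    return $from;
}

// Demonstration with a constructed timestamp.
$now = 1700000000;
$url = sign_from('/middle.php', $now);
parse_str(parse_url($url, PHP_URL_QUERY), $q);
var_dump(verify_from($q, $now + 5));    // untouched link, still fresh

$q['from'] = '/other.php';              // visitor edits the parameter
var_dump(verify_from($q, $now + 5));    // rejected: MAC no longer matches

parse_str(parse_url($url, PHP_URL_QUERY), $q);
var_dump(verify_from($q, $now + 3600)); // rejected: older than MAX_AGE
```

The timestamp only limits how long a captured link can be reused; within `MAX_AGE` the same URL is still accepted more than once.
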
挽清梦 2024-10-13 03:25:26

What are you trying to use the Referrer header info for?

If it's for authentication/validation of the request's origin, then you might consider trying another approach. As El Yobo pointed out, the Referrer header isn't a foolproof way of determining where someone's request is coming from.

花落人断肠 2024-10-13 03:25:26

I went with the old meta refresh method of redirection. This keeps the referring URL intact for the vendors that require it. Any vendor that doesn't require it still uses the header function, for speed and ease of use.
