Beware that many firewalls (e.g. Norton) block referrer info from being sent, thus breaking pages that rely on it; let your users know that this may happen.
On 1/4/06, Mark Drew <[EMAIL PROTECTED]> wrote: > This is a common problem, there are a couple of ways of getting round this: > > 1) instead of your JavaScript files being .js they can be .cfm and you > can check a referrer. The referrer will be the page that is calling > the JS. If the user calls that page directly, write some code that > displays nothing. There are some caveats around this but it works most > of the time. > > 2) Even in the earliest of web scripts (FormMail.pl) it has been a > good idea to check your referer to your scripts, at least the domain, > if not, the actual page. > > I know this can be spoofed etc but at least you have some protection > from most common attacks. -- CFAJAX docs and other useful articles: http://jr-holmes.coldfusionjournal.com/ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:228337 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
