On 07/05/2008 12:23 AM, Joachim Steiger wrote: > Michael T. Dean wrote: > >> Which could /not/ happen before I've been given a chance to type in my >> credit card information--i.e. before they know which card/bank to ask >> for authorization. >> > sorry i doubted you. just sounded like another thing we were seeing >> BTW, this is 100% repeatable (even still) on any computer on my network. >> > do you have any special nat features, a transparent proxy in use? > > ah.. and is JavaScript enabled? > > lets track it down.
OK. I'm finally at home again (I've been traveling for work) and got a chance to play around to test it. It turns out it wasn't my router configuration, it was my browser configuration. The payment site is verifying the Referer header and my browser was not sending that header. The off-network computer I tried was configured to send the Referer, so it worked on that one. I could have sworn I had tested that when I was trying to buy initially (as many websites are broken^H^H^H^H^H^Hconfigured to require a specific Referer value, so I usually remember to check). /me wonders if he should mention the futility of using /any/ client-side-generated data for "security" purposes... I guess, though, that's not Openmoko's problem, but Hi Trust's. Mike _______________________________________________ Openmoko community mailing list [email protected] http://lists.openmoko.org/mailman/listinfo/community
