Re: [PHP] HTTP_REFERER is missing in SSL

2001-07-27 Thread Rasmus Lerdorf

 I have a frameset that runs on a SSL enabled server that has two frames in it.
 One of the source is the local machine and the other one is a (outsourced
 asp !!) script in another machine without SSL.
 The non SSL one requires HTTP_REFERER to make sure it was hit from the
 authorized server.

 This works fine with Netscape but not with IE 5. HTTP_REFERER just wasn't
 defined.

 Any explanation?

Bug in IE?  PHP doesn't even enter the picture here.  The HTTP_REFERER
variable is defined by the web server if that information is provided by
the browser.

Keep in mind that there is absolutely no guarantee that the browser will
ever provide this information.  Building anything that relies on this is a
mistake.

-Rasmus


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




Re: [PHP] HTTP_REFERER is missing in SSL

2001-07-27 Thread Ezra Nugroho


Bug in IE?  PHP doesn't even enter the picture here.  The HTTP_REFERER
variable is defined by the web server if that information is provided by
the browser.

No, it's not really a PHP thing, it's more HTML stuff.
I suspect that the error comes because one of the server is not running 
SSL, so IE doesn't pass HTTP_REFERER to it.
I wonder if someone has any authoritative knowledge on this problem.


Keep in mind that there is absolutely no guarantee that the browser will
ever provide this information.  Building anything that relies on this is a
mistake.

Yeah, I know, but this is an outsourced script that I have no controll off.


-Rasmus


Ezra Nugroho
Web/Database Application Specialist
Goshen College ITS
Phone: (219) 535-7706


Don't be humble, you're not that great. -- Golda Meir


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]