Ray_Net wrote:
EE wrote on 25/02/2016 19:43:
Ray_Net wrote:
EE wrote on 24/02/2016 22:35:
"Link Behaviour" is basically tabs versus windows. A referrer is
information that a browser sends when following links or picking up
images to the site where the file is being requested, telling it where
the browser came from. I use RefControl to block third party
referrers, since they are normally not needed, and I do not think one
website needs to know where I came from if I came from a different
host.
On our Website, we fill our database with a lot of stupid entries ...
this was caused by spammers who copy a page of one of our form into
their host, modify it then use it a lot.
The "referer" was our solution to stop the fill of our database because
we test: If the referer is not from our site, then discard.
This is a case of one website NEEDS TO KNOW where you came from.
But I could jump into your site from a bookmark, and doing it that way
does not send any referrer. I am also not blocking first-party
referrers. Doing that can cause problems, and there is not much point
anyway.
NO you cannot jump from a bookmark ...
When you use a form, you must:
1. Ask the empty form to be filled in. Let's say: http://mysite/myform.php
2. Fill the form, then hit the "SEND" button
3. This action will trigger http://mysite/myform-action.php
4. http://mysite/myform-action.php will:
a) Check the referrer which MUST be http://mysite/myform.php (if this
is not this value (your example is your bookmark pointing wrongly to
http://mysite/myform-action.php) then stop and do nothing.
If true then perform point b) and c)
b)check the sended data
c)take action depending of good values entered or bad values entered
(this could be an entry in the dabase, and or sending a mail and/or
reply at http://mysite/myform-reply.php
----
Normally, you cannot bookmark http://mysite/myform-action.php because
your browser can only store this page: http://mysite/myform.php, or this
page: http://mysite/myform-reply.php
If, you really have a bookmark with http://mysite/myform-action.php and
you use it:
- You did not send any data the myform-action.php will use, and if you
don't send a referrer, your action will be discarded.
----
The spammer create on his host http://his-host/myform.php and trigger
http://mysite/myform-action.php who, if correctly coded, will reject
when the referrer is :
http://his-host/myform.php
instead of:
http://mysite/myform.php
In each case, you seem to be indicating that the hostname is the same,
and that is a first-party referrer. I do not block those because that
can cause problems.
_______________________________________________
support-seamonkey mailing list
[email protected]
https://lists.mozilla.org/listinfo/support-seamonkey
