John Hile wrote:
> > You might try creating a frameset. Make a very small frame at the top
> > of the window that permits the user to return to your site and take up
> > the rest of the window with the other site.
>
> Thanks for the suggestion, but it isn't the back button I'm concerned about.
> I'm concerned about not passing sensitive information encoded in the URI to
> an outside site via the HTTP_REFERER header that the browser creates. Our
> site normally uses SSL to protect the information, but if we include any
> links to outside pages and the user clicks one of those links, the browser
> will include the complete URI of the referring page in the HTTP_REFERER
> header when it requests the outside page. MSIE doesn't create a problem
> because it doesn't include the HTTP_REFERER header when you click on a
> non-SSL link from within an SSL page, but the Netscape browser does.
HTTP_REFERER should change to the URL of the frameset document, John.
Just make sure the frameset document is in a non-protected URL. I was
helping you kill two birds with one stone.
Shane
_______________________________________________
Zope maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
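
A sketch of the frameset approach suggested in the reply above, added here as an example and not code from the thread or from Zope: off-site links are rewritten to point at a frameset document on the site's own non-sensitive URL, and that document loads the outside page. The `/exit` and `/exit-bar` paths, the host names and the allow-list of outside hosts are assumptions made for the example.

```python
import html
import re
from urllib.parse import parse_qs, quote, urlsplit

EXIT_PATH = "/exit"                    # hypothetical URL of the frameset document
RETURN_BAR = "/exit-bar"               # hypothetical small top frame with a "return" link
ALLOWED_OUTSIDE = {"partner.example"}  # constructed allow-list of outside hosts

def is_offsite(href, own_host):
    """True for absolute http(s) links whose host is not our own."""
    parts = urlsplit(href)
    return parts.scheme in ("http", "https") and parts.hostname not in (None, own_host)

def rewrite_offsite_links(page, own_host):
    """Point each double-quoted off-site href at EXIT_PATH, so the outside page
    is requested from the frameset and not from the sensitive page."""
    def swap(match):
        href = html.unescape(match.group(2))
        if not is_offsite(href, own_host):
            return match.group(0)
        return match.group(1) + EXIT_PATH + "?to=" + quote(href, safe="") + match.group(3)
    return re.sub(r'(href=")([^"]*)(")', swap, page)

def render_exit_frameset(query_string):
    """Build the frameset served at EXIT_PATH; refuse targets that are not on
    the allow-list so the document cannot be used to frame arbitrary sites."""
    target = parse_qs(query_string).get("to", [""])[0]
    parts = urlsplit(target)
    if parts.scheme not in ("http", "https") or parts.hostname not in ALLOWED_OUTSIDE:
        raise ValueError("target not allowed: %r" % target)
    return ('<frameset rows="40,*">\n'
            '  <frame src="%s">\n'
            '  <frame src="%s">\n'
            '</frameset>' % (RETURN_BAR, html.escape(target, quote=True)))

# Constructed sample: links found on a page whose own URL carries sensitive data.
SAMPLE = ('<a href="/account/summary">Summary</a> '
          '<a href="http://partner.example/rates?plan=a&amp;x=1">Rates</a>')

if __name__ == "__main__":
    print(rewrite_offsite_links(SAMPLE, "secure.example"))
    print(render_exit_frameset(
        "to=" + quote("http://partner.example/rates?plan=a&x=1", safe="")))
```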