What's wrong with using the HTTP refer(r)er header to determine the URL of the page containing an <iframe>?
-
That is, why can't the server responding to the <iframe>'s HTTP request trust the HTTP_REFERER of that request? Even if some user agents don't send it, at least the containing site doesn't have any control over the header. This is a follow-up question to .
-
Answer:
The http referer header can easily be spoofed and cannot be used for any security decisions.
Miguel Paraz at Quora Visit the source
Related Q & A:
- What's wrong with this PHP Twitter API POST?Best solution by Stack Overflow
- What's wrong with my yahoo 360 page stat counter?Best solution by answers.yahoo.com
- What's wrong with msn hotmail?Best solution by Yahoo! Answers
- What's a good amp for alpine type R?Best solution by Yahoo! Answers
- What's wrong with Nokia N97 Mini's wifi?Best solution by wiki.answers.com
Just Added Q & A:
- How many active mobile subscribers are there in China?Best solution by Quora
- How to find the right vacation?Best solution by bookit.com
- How To Make Your Own Primer?Best solution by thekrazycouponlady.com
- How do you get the domain & range?Best solution by ChaCha
- How do you open pop up blockers?Best solution by Yahoo! Answers
For every problem there is a solution! Proved by Solucija.
-
Got an issue and looking for advice?
-
Ask Solucija to search every corner of the Web for help.
-
Get workable solutions and helpful tips in a moment.
Just ask Solucija about an issue you face and immediately get a list of ready solutions, answers and tips from other Internet users. We always provide the most suitable and complete answer to your question at the top, along with a few good alternatives below.