https://stackoverflow.com/questions/19330905
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianIt is not only about python and web.py. Generally relying only on HTTP Referer will not work. Many proxies strip the HTTP Referer information. For more information on this, please read this excellent answer. https://stackoverflow.com/a/6023980/1903116
Is it wise to rely on HTTP_REFERER in a web app?
-
30-06-2022 - |
Pergunta
I'm writing a web app in Python/web.py where you go to the url /unfriend to unfriend someone. This link is spread out across multiple pages. After being unfriended, I would like the user to be redirected to the page they came from. Can I rely on HTTP_REFERER to implement this behavior? I don't want to have to add a parameter to the url.
Solução
Outras dicas
thefourtheye is right that you can't rely on REFERER.
But that doesn't mean you can't use it.
As a security measure (e.g., to prevent deep linking), it's laughably useless.
But for convenience features, there's nothing wrong with it. Assume, say, a third of your users won't supply it. Is your navigation good enough without it? Is the benefit in making things a little nicer for 2 in 3 users worth it? Sometimes the answer is yes.
Keep in mind that some proxies or user agents will intentionally send you garbage. If the REFERER is the same as the current page, or is not part of your app at all, don't use it.
Also, ask yourself whether what you really want here is a redirect to REFERER, or JS window.history.back(). The former is a poor substitute for the latter if that's what you're intending it for (although it can occasionally be useful as a fallback for people who can't run JS).
Licenciado em: CC-BY-SA com atribuição
Não afiliado a StackOverflow
