04-11-2003, 01:53 PM
I have a mailform script - demo at http://www.mori.com/test_form_mori.html - which validates by referer. But every so often it fails to validate and outputs the "illegal referer" message (which asks the user to report the error to me).
I don't know why it fails - I can't make it happen when I try; but every so often I get an email from someone saying they got the error message.
Can anyone shed light on this? I've attached the full script.
04-11-2003, 03:46 PM
The problem is that $_SERVER['HTTP_REFERER'] is not always available. This value is optional for HTTP requests, and if the client chooses not to send the information on which page he has been/requested previously, you can't do anything about it. Also, sometimes proxies or firewalls filter out this extra header, and that's most likely the case with the users for whom the form doesn't seem to work.
04-11-2003, 03:58 PM
Oh okay; thanks.
Presumably then everyone has this issue - is there an accepted way of dealing with it?
If it comes down to, reproduce the message text and ask people to use their own mail software to send it, any suggestions on what to say - a non-technical explanation of why this has happened?
04-11-2003, 05:52 PM
brothercake, I think you're gonna shoot yourself in the foot if you present the user with a short non-technical message that stays close to truth. It would be like:
"Your request could not be processed because you or your network administrator values security and privacy."
+1 from me for weirdan's suggestion. Alternatively, is this referer thingie so important? Could you perhaps switch to sessions (though that would only help you if the referring files are all on the same machine)?
04-16-2003, 11:20 PM
Well I don't know ... I used referrer information to prevent leeching; I've never used sessions - you mean validate the form script by reference to the session ID (and don't process if there isn't one)?
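The session approach raised in the thread, as an added example that is not code from any poster or from the attached script: the form page stores a random token in the session and the handler only processes a POST that returns the same token, so nothing depends on the optional Referer header. The names form_token, issue_form_token and check_form_token are hypothetical, and random_bytes assumes PHP 7 or later.

```php
<?php
// Added example: session-bound, single-use form token in place of a Referer check.
// All names below (form_token, issue_form_token, check_form_token) are hypothetical.
session_start();

function issue_form_token(): string
{
    // Unpredictable value kept server-side in the visitor's session.
    $_SESSION['form_token'] = bin2hex(random_bytes(32));
    $_SESSION['form_token_time'] = time();
    return $_SESSION['form_token'];
}

function check_form_token($submitted, int $maxAge = 3600): bool
{
    $expected = $_SESSION['form_token'] ?? null;
    $issued   = $_SESSION['form_token_time'] ?? 0;
    // Single use: discard the stored token whether or not the check passes.
    unset($_SESSION['form_token'], $_SESSION['form_token_time']);

    // Reject missing sessions, missing fields and non-string input (e.g. arrays).
    if (!is_string($expected) || !is_string($submitted)) {
        return false;
    }
    if (time() - $issued > $maxAge) {
        return false; // form was left open too long
    }
    return hash_equals($expected, $submitted); // constant-time comparison
}

if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') {
    if (!check_form_token($_POST['form_token'] ?? null)) {
        http_response_code(400);
        exit('This form has expired. Please reload the page and send it again.');
    }
    // Token matched: hand $_POST['message'] to the mail-sending code here.
    exit('Message accepted.');
}

$token = issue_form_token();
?>
<form method="post">
  <textarea name="message"></textarea>
  <input type="hidden" name="form_token" value="<?= htmlspecialchars($token, ENT_QUOTES) ?>">
  <input type="submit" value="Send">
</form>
```

This depends on the visitor accepting the session cookie, so the failure message should ask the user to reload the form rather than report an illegal referer.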