lynx-dev
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

lynx-dev http_referer bug?


From: 914
Subject: lynx-dev http_referer bug?
Date: Mon, 03 May 1999 14:19:37 -0400

Hiya..  

i am sorta the admin for a large chat site, http:/bianca.com

and we have been trying to amke shure our code is accessible as
possible, to include Lynx.

BUT..  recently i made some changes, i enforced a check against
HTTP_REFERER to ensure that all POST operations were coming from
within the bianca.com domain. (we'd had problems with folk modifying
our forms for bad purposes)

using Lynx 2.8.1rel2 at the public Lynx gateway of:
telnet://lynx.bob.bofh.org/


since my software checks the HTTP_REFERER, i decided to do some
tests with the publicly available cgi-env checker at:
http://cache.jp.apan.net/cgi-bin/proxy-checker/showenv.cgi 

IF i go there directly with Lynx, there is no HTTP_REFERER field
(normal behaviour)

IF i hit one of my chats (it works the same in all, tried it)at:
http://bathroom.bianca.com/cgi-bin/bchat/shack/bathroom/cs
i can make exactly ONE post (form submit)

IF i post the link to the cgi-checker, and go to the chat, and
follow the link, *without* making a form submit on the bianca.com
page, the HTTP_REFERER env variable is correctly shown as
http://bathroom.bianca..etc

IF i go to the room, and make my one post, then on page load, follow
the link to the cgi-checker, there is no HTTP_REFERER!

So, it seems that Lynx (at least 2.8.1Rel2) can provide the correct
http_referer for the first form submit, but it is wiped out
thereafter..


i'm guessing this is notnormal behaviour?


thanks for your time!

reply via email to

[Prev in Thread] Current Thread [Next in Thread]