Comments on: Internet Explorer HTTP_REFERER javacript redirect issue http://www.thedeveloperday.com/internet-explorer-http_referer-javacript-redirect-issue/ Staying Curious Wed, 01 Feb 2012 07:05:15 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: SMFX http://www.thedeveloperday.com/internet-explorer-http_referer-javacript-redirect-issue/comment-page-1/#comment-1078 SMFX Fri, 19 Aug 2011 20:29:40 +0000 http://www.thedeveloperday.com/?p=129#comment-1078 I'm not sure if you're still looking at why, but I ran into again for an annoying reason and found this KB article that documents why: http://support.microsoft.com/kb/178066 Basically because crossing a site could potentially send info, they stopped doing it in IE4 when the real solution should have been "don't include sensitve crap in your URL to begin with", they instead went with "don't ever include the Referer" because they couldn't control the content of the first and only the content of the second. The lesson is, don't use the HTTP_REFERER. I’m not sure if you’re still looking at why, but I ran into again for an annoying reason and found this KB article that documents why:
http://support.microsoft.com/kb/178066

Basically because crossing a site could potentially send info, they stopped doing it in IE4 when the real solution should have been “don’t include sensitve crap in your URL to begin with”, they instead went with “don’t ever include the Referer” because they couldn’t control the content of the first and only the content of the second.

The lesson is, don’t use the HTTP_REFERER.

]]>