http-referer

I have a scenario where the user receives an email from the system with a specific link which requires login. say for example the link is http://test.url.com/product/2 . Where clicking on this link redirects the user to the sign in page and should redirect to the received url upon success login. But the issue I am having is the system always redirects to the default location which is http://test.url.com/dashboard . To implement this I used http://symfony.com/doc/current/reference/configuration/security.html#redirecting-after-login use_referer: true in security.yml and to test it I have used

Say that I have a link from one.com to two.com/A.html. A.html looks like this <FRAMESET cols="100%"> <FRAME src="B.html"> </FRAMESET> The HTTP Referer on A.html is "one.com", but what will the HTTP referer be on B.html? Is this browser specific? it'll be two.com/A.html, the link from the container. It's not browser specific, unless the browser is told to send a different referer via configuration It should be two.com/a.html (i.e. the page that has the frameset on it). Remember that these referrers are set by the browser and therefore can be faked. 来源： https://stackoverflow.com/questions

My actual implementation of this is much more complicated, with authentication and a bunch of other stuff, but at the simplest form, here's the problem I'm having. Redirecting with header doesn't reveal itself as a referer. So, let's say I have three pages: start.php, middle.php and end.php start.php <html><body> <a href="middle.php">middle</a> </body></html> middle.php <?php header('Location: end.php'); ?> end.php <?php echo 'The referer is: ' . $_SERVER['HTTP_REFERER']; ?> When you follow the link, you end up at end.php, but the referer is not middle.php. Is there any other redirection

Is there a straightforward way to set custom headers with Mechanize 2.3? I tried a former solution but get: $agent = Mechanize.new $agent.pre_connect_hooks << lambda { |p| p[:request]['Referer'] = 'https://wwws.mysite.com/cgi-bin/apps/Main' } # ./mech.rb:30:in `<main>': undefined method `pre_connect_hooks' for nil:NilClass (NoMethodError) The docs say: get(uri, parameters = [], referer = nil, headers = {}) { |page| ... } so for example: agent.get 'http://www.google.com/', [], agent.page.uri, {'foo' => 'bar'} alternatively you might like: agent.request_headers = {'foo' => 'bar'} agent.get url

Can the PHP variable $_SERVER['SERVER_NAME'] be forged or faked? I was planning on using that as a security measure for form posting. I would check to make sure that variable is my site name (www.example.com). I know HTTP_REFERRER can be faked, but I wasn't sure on this one. Thanks! Actually $_SERVER['SERVER_NAME'] can be affected by what the client browser sends over... See http://shiflett.org/blog/2006/mar/server-name-versus-http-host for a through investigation on the issue. By a visitor it can't normally be faked out. But I suspect you would want to enforce a certain SERVER_NAME to license