stackoom
  简体   繁体   中英

how reliabile is document.referrer, can it be spoofed/ faked?

 原文  2015-03-06 02:29:54       javascript/ referrer/ http-referer/ spoofing

Question

How reliable is document.referrer in determining the source?

I want a website (A) to only work if the visitor came from a specific other website (B).

I am planning to use document.referrer in website A to check whether website B is the source (check is done server-side).

Is it safe and reliable way? If not, what are my alternatives?

I have looked at this , but the use case is exact opposite of mine.

1 answers

solution1
 2 ACCPTED  2015-03-06 02:32:35

This plan will not provide any degree of security. document.referrer does not exist "on the server side." It only exists as you're talking about in the browser.

What you get on the server is the HTTP referrer , and that is trivial to spoof.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Can document.referrer be forged? How can I use document.referrer with two different modals? How can I control css via document.referrer Problems with document.referrer How to test the document.referrer on local? JavaScript document.referrer document.referrer and close() document.referrer - limitations? How can I determine if the document.referrer is from my own site? Can I combine the .load function with the document.referrer function?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM