Referer Header Checked Validation Question

by Youngho Cho

Hello,
 
I read the 'Security in Ajax' SitePen blog (http://www.sitepen.com/blog/2008/09/25/security-in-ajax/).
The 'Referer Header Checked Validation' technique is exactly what I want.

But I hope to use this technique with dojo.io.iframe also.

How can I do that?
 
 
Thanks,
 
Youngho
 
 

_______________________________________________
FAQ: http://dojotoolkit.org/support/faq
Book: http://docs.dojocampus.org
Dojo-interest@...
http://mail.dojotoolkit.org/mailman/listinfo/dojo-interest

Re: Referer Header Checked Validation Question

by Kris Zyp-4

Youngho wrote:

> Hello,
>
> I read the 'Security in Ajax' SitePen blog
> (http://www.sitepen.com/blog/2008/09/25/security-in-ajax/).
> The 'Referer Header Checked Validation' technique is exactly what I
> want.
>
> But I hope to use this technique with dojo.io.iframe also.
>
> How can I do that?

The browser will still automatically add the Referer header (if it is
enabled) for iframe requests just like any other HTTP request, and
you can examine the Referer header on the server in the same way.

--
Kris Zyp
SitePen
(503) 806-1841
http://sitepen.com

Re: Referer Header Checked Validation Question

by Youngho Cho

Hello Kris,

Thanks for your reply.
I expected the same. But I can see the Referer header validation info with normal xhr only.
When I use dojo.io.iframe.send(), then I cannot see the info on the server side.

Am I missing something here?

Thanks,

Youngho
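
Added example, not part of the thread or of the SitePen post: one way to write the server-side Referer check discussed above so that it treats XHR and iframe form submissions identically and makes the "header absent" case explicit. The function name, the allowed origin, the fail-closed policy for a missing header, and the sample requests are all assumptions.

```javascript
// Added example. checkReferer, ALLOWED_ORIGINS and all hosts are constructed
// placeholders, not names from Dojo or the SitePen post.
const ALLOWED_ORIGINS = new Set(['https://app.example.com']);
const STATE_CHANGING = new Set(['POST', 'PUT', 'PATCH', 'DELETE']);

// Decide whether a request may proceed, given its method and a Node-style
// headers object (Node lower-cases incoming header names).
function checkReferer(method, headers, allowed = ALLOWED_ORIGINS) {
  if (!STATE_CHANGING.has(String(method).toUpperCase())) {
    return { ok: true, reason: 'not-state-changing' };
  }
  const referer = headers.referer;
  if (typeof referer !== 'string' || referer === '') {
    // The header is only sent "if it is enabled"; this sketch assumes a
    // fail-closed policy, so a request without it is rejected.
    return { ok: false, reason: 'missing-referer' };
  }
  let origin;
  try {
    origin = new URL(referer).origin; // scheme + host + port, nothing else
  } catch (err) {
    return { ok: false, reason: 'malformed-referer' };
  }
  // Exact origin match: substring or prefix tests would accept look-alike hosts.
  return allowed.has(origin)
    ? { ok: true, reason: 'allowed-origin' }
    : { ok: false, reason: 'foreign-origin' };
}

// Constructed sample requests: the same check applies to an XHR and to a
// form posted through a hidden iframe, because it only sees method + headers.
const samples = [
  ['POST', { referer: 'https://app.example.com/editor' }],
  ['POST', { referer: 'https://app.example.com.attacker.example/x' }],
  ['POST', { referer: 'https://other.example/?u=https://app.example.com' }],
  ['POST', {}],
  ['GET', {}],
];
for (const [method, headers] of samples) {
  const r = checkReferer(method, headers);
  console.log(method, headers.referer || '(none)', '->', r.ok, r.reason);
}
```

Logging the `reason` for rejected requests shows whether a given submission arrived with no Referer at all or with an unexpected one.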
