On 10/31/2014 5:06 AM, Léa Massiot wrote:
> Hello and thank you for reading my post.
>
> I'm trying to make a webapp work with HTTPS. It was working
> properly with HTTP. Below is the problem I have.
>
> Inside a servlet, in its "doPost()" method, to check whether the
> "incoming JSP" is "example1.jsp" or "example2.jsp", I am using the
> following piece of code:
> -----------------------------------------------------------
> s_referer = request.getHeader("referer");
>
> if(s_referer.contains("example1.jsp") == true) { b_jspReferer1 = true; }
> if(s_referer.contains("example2.jsp") == true) { b_jspReferer2 = true; }
> -----------------------------------------------------------
>
> In "example1.jsp" and "example2.jsp" there is a "<form>" element
> whose "action" attribute is set to "do_example":
> -----------------------------------------------------------
> <form method="post" action="do_example"> [...] </form>
> -----------------------------------------------------------
>
> Now that I'm using HTTPS, "s_referer" is always equal to
> "do_example" in the servlet. Before, it used to be either
> "example1.jsp" in case the "incoming" JSP was "example1.jsp" and
> "example2.jsp" in case the "incoming" JSP was "example2.jsp".
>
> I don't know how to correct my code to be able to discriminate
> between the two JSPs. Can you please help me?
>
> I apologize in advance for the barbaric expression "incoming JSP".
> I hope my point is understandable despite the unfortunate expression.
>
> Best regards.
>
> --
> View this message in context:
> http://tomcat.10.x6.nabble.com/From-HTTP-to-HTTPS-request-getHeader-referer-tp5024782.html
> Sent from the Tomcat - User mailing list archive at Nabble.com.

Times the referer will be empty:

1. entered the site URL in browser address bar itself.
2. visited the site by a browser-maintained bookmark.
3. visited the site as first page in the window/tab.
4. switched from a https URL to a http URL.
5. switched from a https URL to a different https URL.
6. has security software installed (antivirus/firewall/etc) which
   strips the referrer from all requests.
7. is behind a proxy which strips the referrer from all requests.
8. visited the site programmatically (like, curl) without setting
   the referrer header (searchbots!).

Have you looked in various tools on the browser (developer tools on
Chrome, Tamper on Firefox, Fiddler on IE) to see if the referer is
being set?

. . . just my two cents

/mde/
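
An added example, not part of either message and not Tomcat code: a null-safe way to classify the value of request.getHeader("referer") for the servlet described above, matching the last path segment exactly instead of using contains(). The names RefererCheck, Source and classify, and the sample header values, are constructed for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;

// Added illustration; RefererCheck, Source and classify are hypothetical names.
public class RefererCheck {

    enum Source { EXAMPLE1, EXAMPLE2, UNKNOWN }

    // Classify the value returned by request.getHeader("referer").
    // The header is optional and client-supplied, so null, malformed and
    // unexpected values all map to UNKNOWN instead of throwing.
    static Source classify(String referer) {
        if (referer == null || referer.isEmpty()) {
            return Source.UNKNOWN;             // header absent (see the list above)
        }
        String path;
        try {
            path = new URI(referer).getPath(); // drops query string and fragment
        } catch (URISyntaxException e) {
            return Source.UNKNOWN;             // not a parseable URI
        }
        if (path == null) {
            return Source.UNKNOWN;             // opaque URI without a path
        }
        // Compare the final path segment only, so a page name that merely
        // appears in a query parameter or a directory name does not match.
        String page = path.substring(path.lastIndexOf('/') + 1);
        if (page.equals("example1.jsp")) return Source.EXAMPLE1;
        if (page.equals("example2.jsp")) return Source.EXAMPLE2;
        return Source.UNKNOWN;
    }

    public static void main(String[] args) {
        // Constructed sample header values, including the missing-header case.
        String[] samples = {
            "https://localhost:8443/app/example1.jsp",
            "https://localhost:8443/app/example2.jsp?id=7",
            "https://localhost:8443/app/do_example",
            "https://localhost:8443/app/other.jsp?next=example1.jsp",
            null
        };
        for (String s : samples) {
            System.out.println(s + " -> " + classify(s));
        }
    }
}
```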