Response.Redirect strips Header Referrer - Possible to Add it Back?

Question 1

Response.Redirect strips Header Referrer - Possible to Add it Back?

c# asp.net .net http-headers response.redirect

Jeeby · Oct 28, 2008 · Viewed 25.7k times · Source

Answer

Answer

There is an HTML hack available.

<form action="http://url.goes.here" id="test" method="GET"></form>
<script type="text/javascript">
  document.getElementById("test").submit();
</script>

If you need to trigger that from a code behind, that can be done too:

Response.Write( @"<form action='http://url.goes.here' id='test' method='GET'></form>
                  <script type='text/javascript'>
                     document.getElementById('test').submit();
                  </script> ");

As Inkel might point out, that is a loose interpretation of the Referer[sic] spec. It will do what you want though.

Question 2

I'm using a Response.Redirect to redirect users to another server to download a file, and the other server is checking the header to ensure it came from the correct server... however it seems Response.Redirect strips the headers from the Response.

Does anybody know how i can add the headers back? I've tried:

Response.AddHeader("Referer", "www.domain.com");

But the receiving page tests false when i check if the Referrer header is set.

Any suggestions how i can get this working, other than displaying a button for the user to click on (i'd like to keep the url hidden from the user as much as possible).

Response.Redirect strips Header Referrer - Possible to Add it Back?

Answer

Related questions