function readOnly(count){ }
Sign Up ›
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
Learn More

Browse by Topic
ShowAll Questionssorted byDate Posted
+ Start a Discussion
irlrobinsirlrobins 

HTTP Header - Referer field not send using PageReference in IE

Hey all,

 

Hitting a wall in trying to figure this one out.

 

At a high level:

VF Page with a command button whose action returns a pagereference to an external site. This external site checks the referer field in the http headers to determine if it allows access or not.

 

If I use Firefox 3, the referer header is sent and the external site accepts the request. The exact same process in Internet Explorer (7 and 8) fails, as the referer field is not included in the request headers.

 

VF Page (cut out the unrelated code)

<apex:commandButton value="Submit Order" action="{!submit}" rendered="{!DisplayForFinalApprover}"/>

 Controller:

public PageReference submit(){
PageReference pageRef;
pageRef = new PageReference('https://www.externalsite.com/epage.cgi');
pageRef.getParameters().put('MERCHANT_ID','123');
pageRef.getParameters().put('ORDER_ID','123');
etc
pageRef.setRedirect(true);
return pageRef;		
}

The above works in FF but not IE. 

 

Now if I put the use outputlink as follows:

<apex:outputLink value="https://www.externalsite.com/epage.cgi?MERCHANT_ID=123&ORDER_ID=123" id="theLink">Submit Order</apex:outputLink>

 

Then the referer field is in the request headers and the external site accepts the request. both in IE and FF.

 

So why does the PageReference work in Firefox, but not in Internet Explorer? Why is the referer field not sent?

Jeremy-KraybillJeremy-Kraybill

Firstly, using the Referer header for anything meaningful (esp authentication) is a bad idea for several reasons. But assuming you don't have control over that external page and need to rely on it, you'll have to work around it by using client-side javascript, because IE doesn't pass referer in several circumstances like this. See this article for details: http://webbugtrack.blogspot.com/2008/11/bug-421-ie-fails-to-pass-http-referer.html

 

Hope that helps

 

Jeremy Kraybill
irlrobinsirlrobins

Thanks for your reply Jeremy,

 

You're correct, I don't have control over the external page so I reliant on getting the referer header sent.

 

The link you sent does seem to fit the issue I'm seeing. But I'm not 100% sure on how to implement the workaround. I understand how to put the javascript code in the link on my page, and how it works. But I don't know how I might pass paramaters to it.

 

The code I gave in my first post was very much a simplistic version of the actual code. In reality the submit method contains fairly complex logic that results in the method returning one of several different possible PageReferences and also updating the state of some objects.

 

So how do I ensure that the updates in the submit action are carried out, the correct page reference returned and the correct link and parameters are sent to the goto javascript function?

 

I'm assuming it will take the form of

<apex:commandButton value="Submit Order" action="{!submit}" rendered="{!DisplayForFinalApprover}" oncomplete="goto(***insert link here**)"/>

 

But how do ensure the correct link is passed to the goto function? Another method?