An exception was thrown in my application, but the HTTP_REFERER was null, which seems strange in this case. I'm wondering if you could answer a quick question:
So I've got this form:
<!-- mysite.com/index.html --> <form action="http://mysite.com/somewhere/else"> <input type="submit" /> </form>
When someone submits the form, I am expecting that the
$_SERVER['HTTP_REFERER'] will be set to
/index.html. Is that true?
$_SERVER['HTTP_REFERER'] is the value of the optional HTTP Referer header. This header is set by the browser.
The browser can opt to not set it or to lie about it, such as Firefox's RefControl addon does. Thus, you cannot rely on it to be present, or even accurate.
If a browser does give it, it will most likely not be
/index.html, but rather
Yes. I just tested it with both HTTP POST and GET and the Referer header was sent by the client (Google Chrome) both times.
This might be browser specific behaviour though.
In case anyone cares, here's a simple way to test it in PHP:
<?php echo $_SERVER['HTTP_REFERER']; ?> <form method="post"><input type="submit" value="Submit"></form> <form method="get"><input type="submit" value="Submit"></form>
I believe that if you type in the URL, the browser won't set the referrer, but if you come from another page (click through or form post), the browser should set the referrer variable. This variable should be read and parsed by PHP.
Yes, when the POST is sent but not necessarily when the page is first loaded. You can always verify this by looking at your logs ('tail -n 10 file.log' will give the most recent 10 entries). The referrer part (for a dummy PHP form site.com/php-form/) below is in bold:
192.168.1.10 - - [16/Apr/2008:16:12:36 +1200] "GET /php-form/ HTTP/1.1" 200 2014 "http://www.referringsite.com/" Mozilla/5.0 (compatible; Konqueror/3.5; Linux) KHTML/3.5.8 (like Gecko)"
Referrer is usually sent, so, you can expect it.
But you cannot rely on it, as it's only on the client's will - to send it or not.
And many clients don't.
'HTTP_REFERER' The address of the page (if any) which referred the user agent to the current page. This is set by the user agent. Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted.