Return a PHP page as an image

The PHP Manual has this example:

    <?php
    // open the file in a binary mode
    $name = "./img/ok.png";
    $fp = fopen($name, 'rb');

    // send the right headers
    header("Content-Type: image/png");
    header("Content-Length: " . filesize($name));

    // dump the picture and stop the script
    fpassthru($fp);
    exit;
    ?>

The important point is that you must send a Content-Type header. Also, you …

‘Refresh’ HTTP header

As far as I know, Refresh (along with Set-Cookie and possibly some other proprietary pseudo-headers) were created by Netscape in the very early days of the internet and have been basically (but not quite) standard since then. Because just about every browser supports it, Refresh is pretty safe to use — and commonly is. I …

What security risks exist when setting Access-Control-Allow-Origin to accept all domains?

By responding with Access-Control-Allow-Origin: *, the requested resource allows sharing with every origin. This basically means that any site can send an XHR request to your site and access the server’s response which would not be the case if you hadn’t implemented this CORS response. So any site can make a request to your site …

Force file download with php using header()

I’m pretty sure you don’t add the mime type as a JPEG on file downloads:

    header('Content-Type: image/png');

These headers have never failed me:

    $quoted = sprintf('"%s"', addcslashes(basename($file), '"\\'));
    $size = filesize($file);
    header('Content-Description: File Transfer');
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename=' . $quoted);
    header('Content-Transfer-Encoding: binary');
    header('Connection: Keep-Alive');
    header('Expires: 0');
    header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
    header('Pragma: public');
    header('Content-Length: ' …

How do I read any request header in PHP

IF: you only need a single header, instead of all headers, the quickest method is:

    <?php
    // Replace XXXXXX_XXXX with the name of the header you need in UPPERCASE (and with '-' replaced by '_')
    $headerStringValue = $_SERVER['HTTP_XXXXXX_XXXX'];

ELSE IF: you run PHP as an Apache module or, as of PHP 5.4, using FastCGI (simple …