Getting the HTTP Referrer in ASP.NET
You could use the UrlReferrer property of the current request: Request.UrlReferrer This will read the Referer HTTP header from the request which may or may not be supplied by the client (user agent).
You could use the UrlReferrer property of the current request: Request.UrlReferrer This will read the Referer HTTP header from the request which may or may not be supplied by the client (user agent).
The PHP Manual has this example: <?php // open the file in a binary mode $name=”./img/ok.png”; $fp = fopen($name, ‘rb’); // send the right headers header(“Content-Type: image/png”); header(“Content-Length: ” . filesize($name)); // dump the picture and stop the script fpassthru($fp); exit; ?> The important points is that you must send a Content-Type header. Also, you … Read more
In case of CORS requests, browsers can only access the following response headers by default: Cache-Control Content-Language Content-Type Expires Last-Modified Pragma If you would like your client app to be able to access other headers, you need to set the Access-Control-Expose-Headers header on the server: Access-Control-Expose-Headers: Access-Token, Uid
As far as I know, Refresh (along with Set-Cookie and possibly some other proprietary pseudo-headers) were created by Netscape in the very early days of the internet and have been basically (but not quite) standard since then. Because just about every browser supports it, Refresh is pretty safe to use — and commonly is. I … Read more
If you are sure you’re only ever working with images, you can check out the getimagesize() exif_imagetype() PHP function, which attempts to return the image mime-type. If you don’t mind external dependencies, you can also check out the excellent getID3 library which can determine the mime-type of many different file types. Lastly, you can check … Read more
The variables in $_SERVER are not really part of PHP, which is why you won’t find them in the PHP documentation. They are prepared by the Web server which passes them on to the scripting language. As far as I know, the X-Requested-With is sent by the Ajax functions of most major Frameworks but not … Read more
By responding with Access-Control-Allow-Origin: *, the requested resource allows sharing with every origin. This basically means that any site can send an XHR request to your site and access the server’s response which would not be the case if you hadn’t implemented this CORS response. So any site can make a request to your site … Read more
I’m pretty sure you don’t add the mime type as a JPEG on file downloads: header(‘Content-Type: image/png’); These headers have never failed me: $quoted = sprintf(‘”%s”‘, addcslashes(basename($file), ‘”\\’)); $size = filesize($file); header(‘Content-Description: File Transfer’); header(‘Content-Type: application/octet-stream’); header(‘Content-Disposition: attachment; filename=” . $quoted); header(“Content-Transfer-Encoding: binary’); header(‘Connection: Keep-Alive’); header(‘Expires: 0’); header(‘Cache-Control: must-revalidate, post-check=0, pre-check=0’); header(‘Pragma: public’); header(‘Content-Length: ‘ … Read more
IF: you only need a single header, instead of all headers, the quickest method is: <?php // Replace XXXXXX_XXXX with the name of the header you need in UPPERCASE (and with ‘-‘ replaced by ‘_’) $headerStringValue = $_SERVER[‘HTTP_XXXXXX_XXXX’]; ELSE IF: you run PHP as an Apache module or, as of PHP 5.4, using FastCGI (simple … Read more
The Content-Security-Policy meta-tag allows you to reduce the risk of XSS attacks by allowing you to define where resources can be loaded from, preventing browsers from loading data from any other locations. This makes it harder for an attacker to inject malicious code into your site. I banged my head against a brick wall trying … Read more