[UPHPU] server name, http_host & same origin policy
Walt Haas
haas at xmission.com
Sun Mar 4 19:19:04 MST 2007
On Sun, 2007-03-04 at 19:04 -0700, Alvaro Carrasco wrote:
> Walt Haas wrote:
> > Problem: My web site is at http://thewebsitedoctor.net or you may refer
> > to it as http://www.thewebsitedoctor.net . Either way,
> > $_SERVER['SERVER_NAME'] contains 'www.thewebsitedoctor.net'. That's not
> > a problem until I construct a base URL from the value of SERVER_NAME
> > then try to use that to load an XML file from the site. If the user
> > happened to load the page as 'www.thewebsitedoctor.net' everything is
> > fine, but if they typed just 'thewebsitedoctor.net' the browser looks at
> > where the XML is coming from and say "Not the same origin, you lose".
> >
> > Any bright ideas out there? Don't put <base> in the <head>?
> >
> I usually redirect any requests to
> http://sample.com
> to
> http://www.sample.com
>
> You can also try using $_SERVER['HTTP_HOST']
>
> Alvaro
>
Cool. How do you know the request went to http://sample.com? Or do you
put the redirect in the Apache config?
Looking at $_SERVER, the only thing that tells me who the browser thinks
it's talking to is $_SERVER['HTTP_HOST'], which I believe contains
whatever the browser said to put there, if anything. Firefox 1.5 and IE
6 get it right. If I point Links at http://thewebsitedoctor.net,
HTTP_HOST contains www.thewebsitedoctor.net. I don't know where that
change gets made.
--
-- Walt
--------
Computer Science won't be what it should be until it is what it was when
we didn't have any and knew what it could do for us.
More information about the UPHPU
mailing list