I’m surprised that anyone still uses referer headers as a “security” measure. I’ve come across this several times recently. I’ll select a URL out of Firefox, and paste it onto a curl -O command line, only to end up with a 0-sized file. And usually if I just add -e [site URL] to the command line, poof, there’s my file. Most recently, I found this when trying to download the freely available Nine Inch Nails samples.
Seriously, what’s the point of doing this test? I don’t understand at all. If you want people to download a file in their web browser, do you think they can’t figure this out?
© 2005, Kees Cook. This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 License.