1 Reply Latest reply on Nov 6, 2013 7:36 AM by shanna

    How can we set the Referer field in the Http Request?




      My community is built on Jive 5.0.5 (Hosted). I am working on something rather urgent and ran into a problem. I am hoping someone has insights on this.


      Basically, I am posting a URL to an eCommerce site in Jive. This eCommerce site needs to make sure the request is coming from my Jive-based community before it honors the request. Normally, this can be done by examining the Referer field in the HttpRequest. But when we tried this, we notice the Referer field in HttpRequest from Jive is blank. We tested this technique on google/cnn/etc., their Referer field is filled in as expected (i.e. www.cnn.com). Anyone know how I can make sure the Referer field from my Jive requests are properly set and sent?


      https://myJive.company.com  >>>> navigate to www.mystore.com  (only honor the request if HttpReferer contains myJive.company.com)


      I should add that I've tested this technique two ways in Jive. I've embedded the eCommerce link in a Jive discussion. I've also added the link to the footer of Jive (via Chrome Developer Tool). Both produced a blank Referer. Similar techniques worked in other popular websites where the originated URL is identified properly in Referer.


        • Re: How can we set the Referer field in the Http Request?

          With help from Jive Support, I was able to achieve the effect I needed. Since this question has not been answered, I'll share my findings so it may benefit someone down the road.


          When I started, I knew that HttpReferer is an optional field. What I didn't know was that the browser drops the HttpReferer field when it directs requests from https to http. The mechanism works if you are navigating from http to http, https to https or http to https but not https (such as my hosted Jive site) to http (most retailer websites). This is why the http storefront link worked when originating from (http) cnn.com. Luckily, most of my customers have their https protocol active. I was able to post their https retail links from my Jive site and have users click on them to navigate to shop. In the storefront, we were able to evaluate HttpReferer and only honor the coupon code when the referrer condition is met.


          It is also important to keep in mind that HttpReferer will be blank if someone bookmarked the storefront URL or manually cut and paste the URL. That is perfect for my purpose since I only want the coupon code to work when someone originates from my Jive site.