Webmin missing referrer with MSIE javascript

 

If you used Webmin you should know that it has a security control that check the existence of the HTTP referer header at each request, just to be make sure that when you access a subpage you’re coming from the parent module instead of a direct request.

window.location not passing the referrer to Webmin

You should also know that when you’re using javascript with MSIE and you’re loading a new page using the following code:

window.location = '/newurl';

this will not pass the additional HTTP referrer to the target Webmin page.

Webmin will output an error page explainging that a security settings must be turned off.

javascript function that solve the problem for Webmin

To avoid this problem the solution it’s to create a javascript function that will check if the user agent is MSIE or not. If the browser is MSIE then it will construct a DOM anchor object and simulate a click; instead, for all the other browser it will keep using the original window.location object as them are not affected by this bug.

This is my example i used to switch from a Webmin server to another using ajax:

function switchServer(obj) {
    var myurl = '/servers/link.cgi/' + obj.value+ '/';
    if (/MSIE (d+.d+);/.test(navigator.userAgent)){
        var referLink = document.createElement('a');
        referLink.href = myurl;
        document.body.appendChild(referLink);
        referLink.click();
    } else {
        location.href = myurl;
    }
}
Webmin missing referrer with MSIE javascript, 4.5 out of 5 based on 2 ratings
GD Star Rating
loading...