Posted to users@httpd.apache.org by Timothy Stone <ci...@petmystone.com> on 2004/03/19 20:36:56 UTC

Re: [users@httpd] [CLOSED] strange 403 in MSIE...seems js related but...need assistance

Javascript is an odd beast.

As near as I can tell the original script (simple call to window.open()) 
failed to inherit the document.referrer from the parent.

By applying the second solution, the new window's document must inherit 
the referrer property. I tried proving this with Mozilla's Venkman 
debugger, but I'm not sure I was looking at the right property.

Anyhow, fixed...or maybe just gone away.

Tim

Timothy Stone wrote:

> List,
> 
> *
> * This problem seems to be only reproducible in MSIE 5+/Win and in  
> Safari 1.2.1/Mac
> *
> You can see the problem on the website at  
> www.levittpavilionharrisburg.com.
> 
> Specifically, on  
> http://www.levittpavilionharrisburg.com/photo_construct.htm
> 
> The images are links that use the rather ubiquitous, and simple,  
> javascript function window.open().
> 
> The resulting window fails to display the image and displays instead  
> Forbidden 403.
> 
> Currently I'm trying two versions of a simple script:
> 
> 1.
> function openScript( url, width, height ) {
>     var Win = window.open( ... );
> }
> 
> 2. more sophisticated, by myself.
> function openScript(url) {
>     var doc = "";
>     win = window.open("", "openScript", "toolbar=no,resizable=yes,scrollbars=yes,menubar=no,status=no");
>     doc = "<p><img src=\"" + url + "\"></p>";
>     win.document.clear();
>     win.document.write( doc );
>     win.document.close();
> }
> 
> Neither one works. The resulting window opens, but it 403s in the  
> Apache error log. *This only happens in MSIE or Safari 1.2.1.* The  
> error is very specific stating the client was denied by the server  
> configuration. Okay. Well, why does it work in Mozilla or Netscape?
> 
> So let's talk about my config. levittpavilionharrisburg.(com|org) is  
> in a VirtualHost block. The server is a NameVirtualHost * server.
> 
> I'm employing SetEnvIfNoCase Referer to prevent the images from  
> "adorning other sites" like so ...
> 
>     SetEnvIfNoCase Referer "^http://www\.levittpavilionharrisburg\.com/" local_ref=true
>     # fixed the blocking of internal requests for images.
>     SetEnvIfNoCase Referer "^http://10\." internal_ref=true
>     <FilesMatch ".(gif|jpg|png)">
>         Order Allow,Deny
>         Allow from env=local_ref
>         Allow from env=internal_ref
>     </FilesMatch>
> 
> As near as I can tell from the logs, MSIE and Safari are not sending  
> the referer, but "-".
> 
> Any ideas?
> 
> Many thanks, Tim
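
A small JavaScript model of the quoted SetEnvIfNoCase / FilesMatch rules, added here as an example (it is not code from the post or from Apache), showing which requests they answer with 403 when no Referer arrives. The file names, the sample requests and the `no_ref` empty-Referer rule are assumptions constructed for illustration.

```javascript
// Added example: a model of the quoted rules, not Apache itself.
// SetEnvIfNoCase patterns copied from the post (case-insensitive).
const POSTED_RULES = [
  { re: /^http:\/\/www\.levittpavilionharrisburg\.com\//i, env: "local_ref" },
  { re: /^http:\/\/10\./i, env: "internal_ref" },
];
// Assumed extra rule (not in the post): set an env var when no Referer is sent.
const WITH_EMPTY_RULE = [...POSTED_RULES, { re: /^$/, env: "no_ref" }];

// <FilesMatch ".(gif|jpg|png)"> as posted: the dot is unescaped and nothing
// anchors the end, so it matches more than image extensions.
const FILES_MATCH = /.(gif|jpg|png)/;

// Predicted status for one request. A missing Referer is compared as "".
function evaluate(filename, referer, rules = POSTED_RULES) {
  if (!FILES_MATCH.test(filename)) return 200; // section does not apply
  const value = referer == null ? "" : referer;
  const allowed = rules.some((r) => r.re.test(value));
  // Order Allow,Deny with only Allow lines: anything not allowed is denied.
  return allowed ? 200 : 403;
}

// Constructed sample requests (file names and the 10.x address are made up).
const SITE = "http://www.levittpavilionharrisburg.com/photo_construct.htm";
const SAMPLES = [
  ["photo1.jpg", SITE],                                       // normal click
  ["photo1.jpg", null],                                       // logged as "-"
  ["photo1.jpg", "http://www.levittpavilionharrisburg.org/"], // .org vhost name
  ["photo1.jpg", "http://10.0.0.5/photo_construct.htm"],      // internal
  ["apng-notes.htm", null],                                   // not an image
  ["photo_construct.htm", null],                              // outside section
];

// Status per sample, in SAMPLES order, for a given rule set.
function statuses(rules) {
  return SAMPLES.map(([file, ref]) => evaluate(file, ref, rules));
}

console.log("as posted:      ", statuses(POSTED_RULES).join(" "));
console.log("with empty rule:", statuses(WITH_EMPTY_RULE).join(" "));
```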
