How to manually set REFERER header in Javascript?
JavascriptJavascript Problem Overview
I want to set Referer header of my webpage. Currently it displays "xyz" and I want to set it to "abc".
Viewed referer using javascript:alert(document.referer)
Javascript Solutions
Solution 1 - Javascript
You can use Object.defineProperty on the document object for the referrer property:
Object.defineProperty(document, "referrer", {get : function(){ return "my new referrer"; }});
Unfortunately this will not work on any version of safari <=5, Firefox < 4, Chrome < 5 and Internet Explorer < 9 as it doesn't allow defineProperty to be used on dom objects.
Solution 2 - Javascript
You cannot set Referer header manually but you can use location.href to set the referer header to the link used in href but it will cause reloading of the page.
Solution 3 - Javascript
This works in Chrome, Firefox, doesn't work in Safari :(, haven't tested in other browsers
delete window.document.referrer;
window.document.__defineGetter__('referrer', function () {
return "yoururl.com";
});
Saw that here https://gist.github.com/papoms/3481673
Regards
test case: https://jsfiddle.net/bez3w4ko/ (so you can easily test several browsers) and here is a test with iframes https://jsfiddle.net/2vbfpjp1/1/
Solution 4 - Javascript
I think that understanding why you can't change the referer header might help people reading this question.
From this page: https://developer.mozilla.org/en-US/docs/Glossary/Forbidden_header_name
From that link:
> A forbidden header name is the name of any HTTP header that cannot be modified programmatically... > > Modifying such headers is forbidden because the user agent retains full control over them. > > Forbidden header names ... are one of the following names: > > ... > > Referer > > ...
Solution 5 - Javascript
Above solution does not work for me , I have tried following and it is working in all browsers.
simply made a fake ajax call, it will make a entry into referer header.
var request;
if (window.XMLHttpRequest) { // Mozilla, Safari, ...
request = new XMLHttpRequest();
} else if (window.ActiveXObject) { // IE
try {
request = new ActiveXObject('Msxml2.XMLHTTP');
} catch (e) {
try {
request = new ActiveXObject('Microsoft.XMLHTTP');
} catch (e) {}
}
}
request.open("GET", url, true);
request.send();
Solution 6 - Javascript
You can not change the REFERRER property. What you are asking is to spoof the request.
Just in case you want the referrer to be set like you have opened a url directly or for the fist time{http referrer=null} then reload the page
location.reload();
Solution 7 - Javascript
If you want to change the referer (url) header that will be sent to the server when a user clicks an anchor or iframe is opened, you can do it without any hacks. Simply do history.replaceState, you will change the url as it will appear in the browser bar and also the referer that will be send to the server.
Solution 8 - Javascript
You can change the value of the referrer in the HTTP header using the Web Request API.
It requires a background js script for it's use. You can use the onBeforeSendHeaders as it modifies the header before the request is sent.
Your code will be something like this :
chrome.webRequest.onBeforeSendHeaders.addEventListener(function(details){
var newRef = "http://new-referer/path";
var hasRef = false;
for(var n in details.requestHeaders){
hasRef = details.requestHeaders[n].name == "Referer";
if(hasRef){
details.requestHeaders[n].value = newRef;
break;
}
}
if(!hasRef){
details.requestHeaders.push({name:"Referer",value:newRef});
}
return {requestHeaders:details.requestHeaders};
},
{
urls:["http://target/*"]
},
[
"requestHeaders",
"blocking"
]);
urls : It acts as a request filter, and invokes the listener only for certain requests.
For more info: https://developer.chrome.com/extensions/webRequest