Openmoko Webshop Reopen NOW!!!
Michael T. Dean
mtdean at thirdcontact.com
Sat Aug 2 19:55:33 CEST 2008
On 07/05/2008 12:23 AM, Joachim Steiger wrote:
> Michael T. Dean wrote:
>> Which could /not/ happen before I've been given a chance to type in my
>> credit card information--i.e. before they know which card/bank to ask
>> for authorization.
> sorry i doubted you. just sounded like another thing we were seeing
>> BTW, this is 100% repeatable (even still) on any computer on my network.
> do you have any special nat features, a transparent proxy in use?
> lets track it down.
OK. I'm finally at home again (I've been traveling for work) and got a
chance to play around to test it. It turns out it wasn't my router
configuration, it was my browser configuration.
The payment site is verifying the Referer header and my browser was not
sending that header. The off-network computer I tried was configured to
send the Referer, so it worked on that one. I could have sworn I had
tested that when I was trying to buy initially (as many websites are
broken^H^H^H^H^H^Hconfigured to require a specific Referer value, so I
usually remember to check).
/me wonders if he should mention the futility of using /any/
client-side-generated data for "security" purposes... I guess, though,
that's not Openmoko's problem, but Hi Trust's.
More information about the community