Openmoko Webshop Reopen NOW!!!

Michael T. Dean mtdean at thirdcontact.com
Sat Aug 2 19:55:33 CEST 2008


On 07/05/2008 12:23 AM, Joachim Steiger wrote:
> Michael T. Dean wrote:
>   
>> Which could /not/ happen before I've been given a chance to type in my 
>> credit card information--i.e. before they know which card/bank to ask 
>> for authorization.
>>     
> sorry i doubted you. just sounded like another thing we were seeing
>> BTW, this is 100% repeatable (even still) on any computer on my network.
>>     
> do you have any special nat features, a transparent proxy in use?
>
> ah.. and is JavaScript enabled?
>
> lets track it down.

OK.  I'm finally at home again (I've been traveling for work) and got a 
chance to play around to test it.  It turns out it wasn't my router 
configuration, it was my browser configuration.

The payment site is verifying the Referer header and my browser was not 
sending that header.  The off-network computer I tried was configured to 
send the Referer, so it worked on that one.  I could have sworn I had 
tested that when I was trying to buy initially (as many websites are 
broken^H^H^H^H^H^Hconfigured to require a specific Referer value, so I 
usually remember to check).

/me wonders if he should mention the futility of using /any/ 
client-side-generated data for "security" purposes...  I guess, though, 
that's not Openmoko's problem, but Hi Trust's.

Mike




More information about the community mailing list