C# – Response.Redirect strips Header Referrer – Possible to Add it Back

.netasp.netc++http-headersresponse.redirect

I'm using a Response.Redirect to redirect users to another server to download a file, and the other server is checking the header to ensure it came from the correct server… however it seems Response.Redirect strips the headers from the Response.

Does anybody know how i can add the headers back? I've tried:

Response.AddHeader("Referer", "www.domain.com");

But the receiving page tests false when i check if the Referrer header is set.

Any suggestions how i can get this working, other than displaying a button for the user to click on (i'd like to keep the url hidden from the user as much as possible).

Best Solution

There is an HTML hack available.

<form action="http://url.goes.here" id="test" method="GET"></form>
<script type="text/javascript">
  document.getElementById("test").submit();
</script>

If you need to trigger that from a code behind, that can be done too:

Response.Write( @"<form action='http://url.goes.here' id='test' method='GET'></form>
                  <script type='text/javascript'>
                     document.getElementById('test').submit();
                  </script> ");

As Inkel might point out, that is a loose interpretation of the Referer[sic] spec. It will do what you want though.