URL: http://www.uburst.com/cgi-bin/dcforum/dcboard.cgi
Forum: ushop_cgi
Thread Number: 131
[ Go back to previous page ]

Original Message
"The referring page did not meet security requirements"

Posted by tomphillipspcs [tom@pcoms.com] on at 03:58 PM
I get the following message when logging into ushop.pl for the first time - any ideas why?

The referring page did not meet security requirements


Table of contents

Messages in this discussion
"Referring Page Does Not Meet Security Requirements"
Posted by Christine [info@uburst.com] on at 04:39 PM
Usually this happens when the script_url parameter of your uShopOrderButton applet is not set to your secure URL.

For example, you might be specifying:

PARAM NAME="script_url" VALUE="http://mywebsite.com/cgi-bin/ushop.pl"

instead of your secure URL:

PARAM NAME="script_url" VALUE="https://www.mysecuresite.com/mywebsite/cgi-bin/ushop.pl"

See if that is where the problem is.

"RE: The referring page did not meet security requirements"
Posted by Bill Weiner on at 06:06 PM
When logging in to the uShop Control Panel, make sure you try doing so from the URL that you specified in configuration question #4 of the ushop.pl script (the $secure_script_url setting).

"Sub Domain Names"
Posted by Preusser [preussermt@aol.com] on at 08:16 AM
I have one main domain name and additional sub domain names which all will guide to my main domain.
When a customer comes to my online store via the main domain name, the order placement works correctly.
When a customer comes to my online store via a sub domain name, the message "The referring page ..." appears.
I think the reason is the same as already mentioned here - the URL given in the ushop.pl is my main domain name and so the CGI-script does not accept requests from the sub domain names.
Is there any possibility to solve this problem?

Best regards,


"RE: Sub Domain Names"
Posted by Bill Weiner on at 05:25 AM
There are two ways to resolve that problem and allow people to link to your uShop CGI script from different domains.

OPTION 1: The easiest option is to just turn "Page Validation" off (from the uShop Control Panel under GENERAL SETTINGS - MISCELLANEOUS). The only risk that gets introduced by turning Page Validation "OFF" is the chance that technically someone could save your store's HTML pages on their local computer, change the prices, and then submit the order from their local computer. For smaller stores, this is typically not an issue since the storeowner would recognize the price changes... but for larger stores with many items, it may be difficult for the storeowner to recognize if the prices of any items have been modified.

OPTION 2: The other option is to modify the uShop CGI script to all links from a specific list of URLS.... as per the instructions below:

STEP 1: Make a backup of your current ushop-lib.pl script... just in case.

STEP 2: Open your ushop-lib.pl script with any text editor such as WordPad.

STEP 3: Do a search on the following line (in order to get to the start of the subroutine that validates the referrer:

sub validate_referral_page

STEP 4: Locate the following two lines in that subroutine:

if ((!($referrer_string =~ /$expected_referrer/i)) XX
($referrer_string =~ /^file/i))

STEP 5: Replace those two lines with something like these 8 lines:

$domain2 = 'domain2.com';
$domain3 = 'domain3.com';
$domain4 = 'domain4.com';

if ((!($referrer_string =~ /$expected_referrer/i)) XX
(!($referrer_string =~ /$domain2/i)) XX
(!($referrer_string =~ /$domain3/i)) XX
(!($referrer_string =~ /$domain4/i)) XX
($referrer_string =~ /^file/i))

STEP 6: Save the file (as TEXT if your editor asks)... and try it out!

NOTE: Vertical bars (or pipe) characters do not show up correctly in this forum, so be sure to use vertical bars instead of the XX.