Laravel Blank Referrer

Question

I made all my external links go through some url route which handles shortened urls and gets the right url from the database and sends the user to the right place.. Is there any option to remove the http referrer on every request that is sent through this specific route? (in this example domain.com/visit/example_url).

web.php looks like this -

use App\Links;

Route::get('/{language}/visit/{slug}', function($language, $slug) {
    $url_record = Links::where('language',$language)->where('slug',$slug)->first();
    return redirect($url_record->url);
});

So right before the user is being redirect, i'd like to "nullify" the http referrer.

And yes, all the requests are being passed through https.

Could you just set `$_SERVER['HTTP_REFERER'] = null`? I don't think Laravel stores it anywhere else. — Jeff, Jun 05 '18 at 13:54
Where should I set it?.. Right before the redirect() function? — Gonras Karols, Jun 05 '18 at 13:56
https://stackoverflow.com/questions/6880659/in-what-cases-will-http-referer-be-empty should give you some ideas on how to prevent it from passing a referrer. Making your site HTTPS should be the easiest (and best for your users) approach. — ceejayoz, Jun 05 '18 at 13:56
@GonrasKarols nevermind, I misunderstood your goal. My comment isn't going to do what you wanted. — Jeff, Jun 05 '18 at 13:58
See also: https://caniuse.com/#feat=referrer-policy - sending a `Referrer-Policy: no-referrer` header with the redirect should work in modern browsers. — ceejayoz, Jun 05 '18 at 13:58
@ceejayoz any quick recipe to send this custom header from within laravel? — Gonras Karols, Jun 05 '18 at 14:07
@GonrasKarols https://laravel.com/docs/5.6/responses#attaching-headers-to-responses — ceejayoz, Jun 05 '18 at 14:10
@ceejayoz Yeah, already been there.. but there's not option to set these custom headers when using the redirect() function. As [this thread](https://stackoverflow.com/questions/36427106/laravel-how-to-set-custom-header-while-redirecting-to-any-url/36427902) says - "there's no way to trigger an HTTP redirect and cause the client (browser) to add a custom header." — Gonras Karols, Jun 05 '18 at 14:28
@GonrasKarols That doesn't matter in this situation. You don't need the redirected-to page to have that header. You need the redirect itself to have it, which works fine. — ceejayoz, Jun 05 '18 at 14:31
@ceejayoz Sorry.. Not sure that i fully understood you.. how would you write that in code? This method that you're talking about.. — Gonras Karols, Jun 05 '18 at 14:36
@GonrasKarols `return redirect('http://www.google.com/')->header('Referrer-Policy', 'no-referrer');` should do the trick. — ceejayoz, Jun 05 '18 at 14:48

Laravel Blank Referrer

0 Answers0