HTTP/HTML: Missing HTTP-Body/HTML on Redirect

This bothers me often: unfriendly redirects.

You visit a WordPress blog, submit a comment and you see what? A blank page.

Or you visit a website. And you see what? A blank page.

How can that happen? Some websites redirect their users to another location, for example after a form submission (as with the comments) or based on language or user-agent identification. But those websites only set the HTTP headers for the redirect and do not provide any HTML to tell a human user where to go. So if a user has configured her web browser not to follow redirects automatically (pick your reason: spam, gateways, phishing, funneling, user tracking, surf traps, payloads, security, usability), she has reached a dead end.

A patch is available for WordPress now: Ticket #13909: Redirect does not return a HTTP body.

As a workaround you can replace wp_redirect() yourself (it is a pluggable function), because this will certainly not make it into 3.0. Maybe it’s security related and this can be sped up. Let’s see.
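One way such a replacement could look, as an added example (this is not the patch from the ticket and not WordPress core code). The plugin name and the wording of the body are made up for illustration; the redirect target is escaped before it is echoed, so the body does not become an HTML injection point.

```php
<?php
/*
 * Plugin Name: Redirect With Body (hypothetical name, added example)
 */

// Core only defines a pluggable function if no plugin has defined it first,
// so a definition in a plugin replaces the core wp_redirect().
if ( ! function_exists( 'wp_redirect' ) ) {
    function wp_redirect( $location, $status = 302 ) {
        // Keep core's filter hooks so other plugins keep working.
        $location = apply_filters( 'wp_redirect', $location, $status );
        $status   = apply_filters( 'wp_redirect_status', $status, $location );

        if ( ! $location ) {
            return false;
        }

        // Removes CR/LF and other characters that could split the header.
        $location = wp_sanitize_redirect( $location );

        header( "Location: $location", true, $status );
        header( 'Content-Type: text/html; charset=utf-8' );

        // Body for clients that do not follow redirects automatically.
        // esc_url() rejects disallowed schemes (it returns '') and encodes
        // the URL for HTML output, so it is safe in the attribute and text.
        $link = esc_url( $location );

        echo '<!DOCTYPE html><html><head><title>Redirect</title></head><body>';
        if ( '' !== $link ) {
            echo '<p>Please continue to <a href="' . $link . '">' . $link . '</a>.</p>';
        } else {
            // Nothing safe to print as a link; still do not send a blank page.
            echo '<p>This page redirects to another location.</p>';
        }
        echo '</body></html>';

        return true;
    }
}
```

Callers of wp_redirect() normally call exit right after it, so the short body is the whole response.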

Know your Browser

Opera has a setting built in to protect you from automatic redirects; for Firefox, there is an add-on available.

Do not let yourself get misdirected by redirects. Stay safe. And take care that your site helps your users to stay safe and happy as well.

Read on: URL Redirector Abuse – WASC Attack Threat
