WordPress.org

Forums

Enable sending referrers (39 posts)

  1. thomas10
    Member
    Posted 10 years ago #

    Sorry, you need to enable sending referrers, for this feature to work.
    Huh? I get this when trying to delete a post. I know it's something with my firewall(s), but why should sending headers be required?? It seems kinda strange to absolutely require that when a lot of people are going to be denied access for that reason.
    Is there any way around this? Because if there isn't, I either have to configure a software firewall and two hardware firewalls to permit WordPress to work, or just switch to something else!

  2. Anonymous
    Unregistered
    Posted 10 years ago #

    The hardware firewall shouldn't be stopping it (unless it's an advanced one that does packet filtering).

  3. Anonymous
    Unregistered
    Posted 10 years ago #

    I have tried in 4 different machines and just keep telling the error, i just get tired of that and edited
    wp-admin/admin-functions.php
    on line 369/370 you have a function
    function check_admin_referer()
    I just changed to
    function check_admin_referer() {
    $adminurl = strtolower(get_settings('siteurl')).'/wp-admin';
    $referer = strtolower($_SERVER['HTTP_REFERER']);
    if ( !strstr($referer, $adminurl) ) {
    //die('Sorry, you need to enable sending referrers, for this feature to work.');
    $referer = "localhost";
    }
    }
    and all plugins install ok now, it's not a pretty solution but it works.

  4. Anonymous
    Unregistered
    Posted 10 years ago #

    Any comment jus mail me josesilva at t6m dot com

  5. fluffsville
    Member
    Posted 10 years ago #

    I also had this error from the outset - couldn't delete posts or enable plugins, etc.
    In my software firewall, DISabling [privacy control] fixed the problem.

  6. Tarah
    Member
    Posted 10 years ago #

    Thanks so much josesilva - that worked perfectly! :)

  7. Anonymous
    Unregistered
    Posted 10 years ago #

    I also had to disable my Privacy Control Manager in my Firewall. What I don't get is that by clicking edit/delete you are making an http request on port 80 which is already permitted by the firewall. It works for all other Web sites, why not this?

  8. jjrae
    Member
    Posted 10 years ago #

    Bless you josesilva a thousand times over. It works now.

  9. 1800colette
    Member
    Posted 10 years ago #

    OMG! Thank you so much! Now everything works fine! :)

  10. kmurphy
    Member
    Posted 10 years ago #

    I am having the same problem... try to delete a link and I get "Sorry, you need to enable sending referrers, for this feature to work."
    I tried the editing of function check_admin_referer() but it did not work for me. I am using Firefox as a browser but tried in IE as well, still didn't work. I am also using Norton Anti Virus so disabled it to see if that was conflicting in anyway, but it still didn't work (I know an IT Security person who tells me to dump Norton because it is such a pain and is usually the root of all the networking problems she deals with).
    All that said, the problem could still be in my set up: I am running WordPress on my default installation of Apache on my home computer.
    My ISP here in BC Telus, has started to block port 80 to stop people from running web servers from their standard accounts, have to give them a whole lot more $$ to get a static IP and open port 80. However, I set my router (standard Linksys Etherfast cable/dsl 4 port) and configured Apache to listen to port 9090 for the http server. I also use http://www.no-ip.com and their Dynamic Update Client to automatically update the dynamic IP # assigned by Telus.
    It all works fine, and I do this so that I can build and test web sites on my home computer. Now I say it all works fine, or has, at anyrate, until this 'referer' problem. I can't seem to find a fix that works, and that may be simply because of the wacky rerouting going on explained above. Though I am not sure, and I suppose will not be sure until I post all of this up on a server and get the proper URL without having to reroute to different ports etc.
    BUT if anyone has any other thoughts as to what may be going on, I would love to try and work them out as I really want to be able to run WordPress off my seerver at home as well...
    thanks

  11. Sebastyne
    Member
    Posted 10 years ago #

    I'm still having this problem, even though I stopped my firewall completely. Could there be any other solution to this?

  12. AndrewGM
    Member
    Posted 10 years ago #

    I had the same problem where I couldn't delete any posts (I got the message saying "Sorry, you need to enable sending referrers, for this feature to work."). What I had to change just now in my firewall was to turn off "information hiding", which blocks brand of my computer, web browser, and last web site visited. Now it works again, although it's no longer a dark secret that I use Safari on an eMac to surf my own blog.

  13. shelleycat
    Member
    Posted 10 years ago #

    I had exactly this problem a while back. Turned out it wasn't my firewall, wasn't my isp, wasn't my computer. Just internet explorer's security settings. I changed to FireFox and the problem vanished. After much fiddling around in IE I managed to turn off whatever was causing it (although I have no clue what it was) and now everything works fine.

  14. Anonymous
    Unregistered
    Posted 10 years ago #

    what I did is just go to my Norton Internet Security and add my domain and allowing all the privacy setting..........and it is okay.

  15. Anonymous
    Unregistered
    Posted 10 years ago #

    i had the same problem too. but after i edited the "admin-functions.php" it worked...
    thank you :)

  16. samzuni
    Member
    Posted 10 years ago #

    I had the same problem. In my case it was because I had just installed the latest security upgrade to ZoneAlarm Pro, and it had turned "block private headers" ON for my website. I turned it back on for just that site, and it works fine now.

  17. webdevguy
    Member
    Posted 10 years ago #

    Just downloaded Firefox 1.0 and installed on Win2k. Using that browser, I can't delete links or posts in WordPress 1.2.1--I get the popup message, then I click OK, and nothing happens. If I copy and paste the link address directly, I get a page with the same message as the subject of this thread. Using IE and clicking the delete link, and then OK in the popup, works fine. Went back to Firefox and changed various config settings (go to about:config) that had the word referrer or referer in them, but nothing worked. I'm running the latest ZoneAlarm Pro 5.5.062.000 with Privacy and ID Lock controls off. Seems to be a Firefox issue?

  18. Anonymous
    Unregistered
    Posted 10 years ago #

    Thanks Josesilva,
    Your code worked perfectly and now I can remove, edit/change, links, as well as install plugins!
    http://www.commonsense.chrisdawson.us

  19. Beel
    Member
    Posted 10 years ago #

    Marvinux: Sorry you are having a problem. I don't know what the fix is for you but I have no problem running 5.0.2 and WP with what you describe. Hope you find what you need to change in your settings/files.

  20. 7milesdown
    Member
    Posted 10 years ago #

    that coding did the trick. I have like 3 firewalls, so its prety hard to disable all of them.

  21. 7milesdown
    Member
    Posted 10 years ago #

    Grrr. Are we going to get a permanent fix for this, or do I have to add this coding everytime I update my nightlies.

  22. Debbie
    Member
    Posted 10 years ago #

    I am also using ZoneAlarmPro. Once I added my site to my site list (Privacy-Site List) and enabled 3rd Party coookies, I was able to edit Links and Comments

  23. J3r0m3
    Member
    Posted 10 years ago #

    Just thought i point this out in case some did not know.

    If you are using Norton Internet Security, following the insturctions at http://codex.wordpress.org/Enable_Sending_Referrers
    really works. However when in keying in the name of the site, intead of keying in http://www.example.com try keying in example.com

    After i did this, i was able to say goodbyes to the "enable referrers" problem.

  24. mkyb14
    Member
    Posted 10 years ago #

    I have none of what's mentioned ... within norton antivirus everthing is disabled.. also the windows firewall updates and other crap ... i'm at a loss for what's happening. someone talked about editing the admin-functions.php ..... is there just something i can change?

  25. mkyb14
    Member
    Posted 10 years ago #

    nvm just comment out the line:
    // die('Sorry, you need to enable sending referrers, for this feature to ..

    just the two slashes on that line only takes care of a stupid coding error.

  26. badmin
    Member
    Posted 10 years ago #

    The suggestion in the 2nd response (by anonymous) worked for me, but it seems a little risky. It allows the operation to proceed, no matter what domain it came from. This basically disables the protection the function was meant to provide. I'm guessing Function check_admin_referer() is there for a good reason, so simply disabling it can't be a good idea.

    Changing the $referer value to 'localhost' if things don't match up and allowing the operation to proceed lets everything pass through. A better way of handling this may be to figure out if there is a logical reason why function check_admin_referer() is blocking the operation, and to make a specific accomodation for that case, only.

    First modify the die statement to print out the $adminurl and $referer data to the screen. Then you can see what is going on and why things aren't checking out. It is likely it is possible you can accomodate the one exception you are encountering while still protecting your site against hacking from all other referers.

    In my case, there is a good reason for $adminurl and $referer not to match up. But the way they don't match up is consistent. So I am able to check for this known exception while blocking all other exceptions from proceeding.

    To do this, change function check_admin_referer() to the following:

    function check_admin_referer() {
    $adminurl = strtolower(get_settings('siteurl')).'/wp-admin';
    $referer = strtolower($_SERVER['HTTP_REFERER']);
    if ( !strstr($referer, $adminurl) && !strstr($referer, '[insert the permitted exception domain name here]') ) {
    die('ERROR: Forbidden. Your request for this operation must come from a permitted domain.');
    }
    }

  27. StuartFreeman
    Member
    Posted 10 years ago #

    I did some checking into this on my install, and the problem was that $adminurl was set to http://localhost/wordpress/wp-admin and $referer was set to http://localhost/wordpress/wp-admin/themes.php so the comparison fails because the referer includes the actual page which refered. This was with Apache 2.0.53, Firefox 1.0.1, and WordPress 1.5.0.

  28. herringbone
    Member
    Posted 10 years ago #

    Disabling the privacy in the firewall worked for me! I can't thank you enough!
    Herringbone

  29. raine
    Member
    Posted 10 years ago #

    This afternoon I installed a brand new WP 1.5 on a brand new database. I was into the WP admin within five minutes. But I spent the next five hours trying to figure out why I didn't have any admin functions. My troubles began when I tried to delete the comment that came with the installation!

    I'm running WindowsXP Home and have Firefox, IE6 and NS7.2 for browsing, along with ZoneAlarm5.5.062.011.

    I tried all the solutions offered in the Troubleshooting section of the codex, not to mention some of the admin-function.php rewrites. I even went so far as to delete the wp-admin directory and re-install a fresh version.

    Nothing worked.

    Until I shut down ZoneAlarm.

    Without the firewall, I could complete any admin function flawlessly.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.