Technique SVR3:Using HTTP referer to ensure that the only way to access non-conforming content is from conforming content

Description

The objective of this technique is to ensure that users can obtain an accessible version of content where both non-conforming and conforming versions are provided.

Conformance Requirement 1 allows non-conforming pages to be included within the scope of conformance as long as they have a conforming alternate version. It is not always possible for authors to include accessibility supported links to conforming content from within non-conforming content. Therefore, authors may need to rely on the use of Server Side Scripting technologies (ex. PHP, ASP, JSP) to ensure that the non-conforming version can only be reached from a conforming page.

This technique describes how to use information provided by the HTTP referer to ensure that non-conforming content can only be reached from a conforming page. The HTTP referer header is set by the user agent and contains the URI of the page (if any) which referred the user agent to the non-conforming page.

To implement this technique, an author identifies the URI for the conforming version of the content, for each non-conforming page. When a request for the non-conforming version of a page is received, the server compares the value of the HTTP referer header against the URI of the conforming version to determine whether the link to the non-conforming version came from the conforming version. The non-conforming version is only served if the HTTP referer matches the URI of the non-conforming version. Otherwise, the user is redirected to the conforming version of the content. Note that when comparing the URI in the HTTP referer header, non-relevant variations in the URI, such as in the query and target, should be taken into account.

Examples

<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="utf-8">
  <title>Conforming Content</title>
</head>
<body>
  <h1>This is a conforming page</h1>
  <p>From here, you can visit the <a href="non-conforming.php">non-conforming 
    page</a>.</p>
</body>
</html>

<?php 
// if the request comes from a file that contains the string "conforming.php" 
// then render the page
  if(stristr($_SERVER['HTTP_REFERER'], "conforming.php")) {
?>	
<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="utf-8">
  <title>Non-Conforming Content</title>
</head>
<body>
  <h1>This is a non-conforming page</h1>
  <p>Because you came from <?php echo $_SERVER['HTTP_REFERER']; ?>, 
   you are able to view the content on this page.</p>
</body>
</html>
<?php
 }
// if the referring page is not conforming.php, then redirect the user to 
// the conforming version
else  {
header("Location: conforming.php");
}
?>

Related Techniques

• G136: Providing a link at the beginning of a nonconforming Web page that points to a conforming alternate version
• G190: Providing a link adjacent to or associated with a non-conforming object that links to a conforming alternate version
• SVR2: Using .htaccess to ensure that the only way to access non-conforming content is from conforming content
• SVR4: Allowing users to provide preferences for the display of conforming alternate versions
• C29: Using a style switcher to provide a conforming alternate version

Tests