Eve Browser HTML - Headers And Trust
The Eve browser has the ability to send information to a webserver
regarding the person accessing it. Specifically, it can send details on
the user and their current location.
Checking For Trust
When the Eve browser sends a request to a client it sends an extra header,
labelled 'eve.trusted'. This can either be 'no' for a site that is not
trusted, or 'yes' for a site that is. Any page that requires the advanced
headers will need to check this variable and act accordingly.
Asking For Trust
If the eve.trusted header is set to no the page can ask to be trusted by
sending a reply header of 'eve.trustme'. The format of this header is as
follows:
eve.trustme:[url of website to trust]::[message to display to user when asking for trust]
Where the '::message to display to user when asking for trust' is optional.
When receiving this message the browser will display a standard dialogue
box, along with any header-specified message that might have been sent to
the user and ask for them to decide to trust you or not. If you are not
trusted then the rest of the page that was sent will be displayed, if you
are trusted then the request is re-sent with an 'eve.trusted' header now
set to 'yes'.
Note that the 'url of website to trust' can be set to a domain, for example
'.mcdee.net', and trust will then be extended to all hosts in that domain.
Trusted Site Headers
Sites that are trusted will receive a set of headers that provide
user-specific information. The full list of the headers is provided below:
- eve.charname - the name of the user's character (note that this is
not the user's account name)
- eve.corpname - the name of the corporation of which the user is a
member
- eve.corprole - the roles that the user has in the corporation. This
is a numerical value which is the sum of the values of the roles which
you have within the corporation. The values for the individual roles are
as follows (note that you can carry out a bitwise AND operation to see if
a user has a particular role or not)
- 1 - Director
- 128 - Personnel Manager
- 256 - Accountant
- 512 - Security Manager
- 1024 - Factory Manager
- 2048 - Station Manager
- 4096 - Auditor
- 8192 - Can take from division 1 hangar
- 16384 - Can take from division 2 hangar
- 32768 - Can take from division 3 hangar
- 65536 - Can take from division 4 hangar
- 131072 - Can take from division 5 hangar
- 262144 - Can take from division 6 hangar
- 524288 - Can take from division 7 hangar
- 1048576 - Can query division 1 hangar
- 2097152 - Can query division 2 hangar
- 4194304 - Can query division 3 hangar
- 8388608 - Can query division 4 hangar
- 16777216 - Can query division 5 hangar
- 33554432 - Can query division 6 hangar
- 67108864 - Can query division 7 hangar
- 134217728 - Can take from division 1 accounts
- 268435456 - Can take from division 2 accounts
- 536870912 - Can take from division 3 accounts
- 1073741824 - Can take from division 4 accounts
- 2147483648 - Can take from division 5 accounts
- 4294967296 - Can take from division 6 accounts
- 8589934592 - Can take from division 7 accounts
- 17179869184 - Can query division 1 accounts
- 34359738368 - Can query division 2 accounts
- 68719476736 - Can query division 3 accounts
- 137438953472 - Can query division 4 accounts
- 274877906944 - Can query division 5 accounts
- 549755813888 - Can query division 6 accounts
- 1099511627776 - Can query division 7 accounts
- 2199023255552 - Equipment config/Deploy space
- eve.regionname - the name of the region in which the user is
currently located
- eve.constellationname - the name of the constellation in which the
user is currently located
- eve.solarsystemname - the name of the solar system in which the user
is currently located
- eve.stationname - the name of the station in which the user is
currently located. If the user is not in a station at the time that the
request is made then this header will report 'None'
Word of Warning
The information provided by the client can be considered authentic, but it
is possible for a knowledgeable person to mimic the operation of the client
and provide misleading information to the webserver. As such if you really
want to trust that the person requesting a web page is who they say they
are then you should ask for another level of identification, such as a
password, to be sure that the connection is not being faked.
Test/Example
An example page that asks for a user's trust and if received displays all
available EVE-specific headers supplied by the client is available here. The source for this
program is available here.