
For security reasons, referrer information is unavailable when navigating from an https page to an http page


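I recently ran into this problem: I wanted to use the referrer to track where visits to a page came from, but found that it did not work for some sources, because the referrer could not be captured. After a long search I finally found the reason: when navigating from https to http, the referrer information of the https page is not passed to the http page. In other words, the browser does not send the Referer header.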

The HTTP protocol specifies this:

Because the source of a link might be private information or might reveal an otherwise private information source, it is strongly recommended that the user be able to select whether or not the Referer field is sent. For example, a browser client could have a toggle switch for browsing openly/anonymously, which would respectively enable/disable the sending of Referer and From information.

Clients SHOULD NOT include a Referer header field in a (non-secure) HTTP request if the referring page was transferred with a secure protocol.

Authors of services which use the HTTP protocol SHOULD NOT use GET based forms for the submission of sensitive data, because this will cause this data to be encoded in the Request-URI. Many existing servers, proxies, and user agents will log the request URI in some place where it might be visible to third parties. Servers can use POST-based form submission instead.

So the reason is security: this prevents information about the https page from being exposed in cleartext.

If we really must pass the https page's referrer information to an http page, we can add a meta tag to the https page:


<meta content="always" name="referrer" />

Of course, there is another approach, from the http page's side: upgrade it from http to https.
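
As an added example (not code from the original post), this JavaScript sketch models which Referer value a browser sends under each referrer policy, including the legacy `always` keyword from the meta tag, which browsers treat as `unsafe-url`. The URLs are constructed samples, and the downgrade check is simplified to https versus non-https.

```javascript
// Added example: the Referer value sent for a navigation under a given
// referrer policy. Returns null when no Referer header is sent.
const LEGACY = {            // legacy <meta name="referrer"> keywords
  never: "no-referrer",
  always: "unsafe-url",
  default: "strict-origin-when-cross-origin",
  "origin-when-crossorigin": "origin-when-cross-origin",
};

function refererFor(policy, fromUrl, toUrl) {
  policy = LEGACY[policy] || policy;
  const from = new URL(fromUrl), to = new URL(toUrl);
  // Credentials and the fragment are never included in a referrer.
  from.username = ""; from.password = ""; from.hash = "";
  const full = from.href;
  const origin = from.origin + "/";
  const sameOrigin = from.origin === to.origin;
  // Simplification (assumption): "downgrade" means https -> non-https.
  const downgrade = from.protocol === "https:" && to.protocol !== "https:";
  switch (policy) {
    case "no-referrer": return null;
    case "unsafe-url": return full;   // full URL, even over cleartext http
    case "origin": return origin;
    case "same-origin": return sameOrigin ? full : null;
    case "origin-when-cross-origin": return sameOrigin ? full : origin;
    case "strict-origin": return downgrade ? null : origin;
    case "no-referrer-when-downgrade": return downgrade ? null : full;
    case "strict-origin-when-cross-origin":
      if (sameOrigin) return full;
      return downgrade ? null : origin;
    default: throw new Error("unknown referrer policy: " + policy);
  }
}

// Constructed sample URLs (not taken from the article).
const SAMPLE_FROM = "https://shop.example/account/reset?token=abc123#step2";
const SAMPLE_HTTP = "http://blog.example/post";
const SAMPLE_HTTPS = "https://blog.example/post";

for (const p of ["no-referrer-when-downgrade",
                 "strict-origin-when-cross-origin", "origin", "always"]) {
  console.log(p.padEnd(32), "->", refererFor(p, SAMPLE_FROM, SAMPLE_HTTP));
}
```

With `always`, the full URL of the https page, query string included, is sent to the http destination in cleartext, so `origin` is the narrower choice when only the source site needs to be identified.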

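  • Copyright notice: this article was published by 时光在路上 and is 1072 characters long. Unless a source is specifically noted, it is original work. See the "Copyright Notice" section for details.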