
http - When is the HTTP referer truncated

Reposted. Author: 可可西里. Updated: 2023-11-01 17:27:07

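I am trying to understand the behavior of the HTTP referer header. I noticed that sometimes the referer is complete (the full URL, including path and query string), but most of the time it contains only the domain.

For example, 'https://www.google.com/' instead of 'https://www.google.com/search?q=http+referer+truncated&oq=http+referer+truncated&aqs=chrome..69i57.6485j0j1&sourceid=chrome&ie=UTF-8#q=http+referer+is+not+full'

Is there a rule for when the referer is full and when it is truncated?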

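Best answer

Updated details as of November 2020...

Many browsers have started defaulting to a stricter referrer policy (strict-origin-when-cross-origin) instead of the old default (no-referrer-when-downgrade) when making cross-origin requests. This usually results in the URL being truncated, but occasionally it also means that no referrer is set at all (no-referrer).

Here is an excerpt from a good article about this: https://plausible.io/blog/referrer-policy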

Chrome is using strict-origin-when-cross-origin from version 85. Strict-origin-when-cross-origin is where the full path is sent if on the same domain but only sends the domain itself if going to another domain. Previously it used no-referrer-when-downgrade.

Firefox is using no-referrer-when-downgrade by default. It always passes the full path unless the request is sent from HTTPS to HTTP. Firefox is using strict-origin-when-cross-origin in the Private Browsing tabs and for known trackers.

Edge is using no-referrer-when-downgrade. Same as Firefox.

Safari is using strict-origin-when-cross-origin. Same as Chrome.

Brave is using no-referrer where the referrer header is completely removed. It never shares the full URL even for same-origin requests and you cannot even see the domain name for cross-origin requests.

Regarding "http - When is the HTTP referer truncated", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/45011324/
