现在的位置: 首页 > 综合 > 正文

HTTPS下请求HTTP时客户端不带Referer头部

2018年04月08日 ⁄ 综合 ⁄ 共 1278字 ⁄ 字号 评论关闭
作者:zhanhailiang 日期:2015-01-08

今天,测试发现在
https://mlogin.vip.com/user-login.html?back_act=http%3A%2F%2Fm.vip.com%2Fuser.html

下上报监控数据
http://mstats.vip.com/v1/timing/m?_t=1420647129290&p2=240&p4=377&t0=0&t1=63&t2=474&t3=642&t4=1&t6=411&t7=919&t8=3&t9=1059

老是报412:

GET http://mstats.vip.com/v1/timing/m?_t=1420647129290&p2=240&p4=377&t0=0&t1=63&t2=474&t3=642&t4=1&t6=411&t7=919&t8=3&t9=1059 412 (Precondition Failed)

看了监控平台的代码,返回状态码412是因为监控平台需要通过Referer头部来判断平台,但是该次请求却无Referer头部:

GET /v1/timing/m?_t=1420647129290&p2=240&p4=377&t0=0&t1=63&t2=474&t3=642&t4=1&t6=411&t7=919&t8=3&t9=1059 HTTP/1.1
Host: mstats.vip.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Accept: image/webp,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
DNT: 1
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8
Cookie: m_vip_province=104104; WAP[p_wh]=VIP_NH; warehouse=VIP_NH; wap_A1_sign=1; wap_consumer=A1; mars_pid=105; mars_cid=1420628456366_8d67e997a179843a61b1d3151d6bb9db; mars_sid=a4148eed668a36b75d29c288580f7099; visit_id=628ED24779611F6233FA107A22B83450

确实请求头没有Referer头部,原来是因为HTTP协议规定:

Clients SHOULD NOT include a Referer header field in a (non-secure) HTTP request if the referring page was transferred with a secure protocol.

参考文章:

  1. [原]HTTPS 与 Referer 头部丢失的问题

抱歉!评论已关闭.