当前位置: 文江博客话题详情

JavaScript window.location 未在请求标头中设置引用地址

发布于 2024-10-12 23:11:33 字数 472 浏览 3 评论 0原文

我知道在请求标头中依赖 Referer 是不正确的。但我的问题是,如果我使用 window.location,为什么 IE 不将 Referer 设置为请求标头?有什么想法或修复吗?

这不会在请求标头中设置 Referer

function load1() {
   window.location = "https://" + serverURL + "/path/folder/page.aspx";
}

<a href="javascript:load1()">Link 1</a>

虽然设置了

<a href="https://hardcode.server.url/path/folder/page.aspx">Link 1</a>
原文

I understand relying on Referer in the request header is not right. But my question is, why IE does not set Referer to the Request Header if I use window.location? Any thoughts or fixes?

This does not set Referer in the Request header:

function load1() {
   window.location = "https://" + serverURL + "/path/folder/page.aspx";
}

<a href="javascript:load1()">Link 1</a>

While this sets:

<a href="https://hardcode.server.url/path/folder/page.aspx">Link 1</a>

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(6

笑脸一如从前 2024-10-19 23:11:33

您的帖子标题显示您希望使用 JavaScript 以编程方式更改当前页面,但仍提供 HTTP 引用(据我所知,使用 标记仅用于测试用例)。

您需要注意跨浏览器问题:

  • 在以下浏览器下更改 window.location.href 时会设置 HTTP 引用标头 (HTTP-Referer):
    • MSIE 9(但可能是 9 以上的任何版本)

    • Firefox(至少 3.0、3.5、4.0、5.0,但很可能是所有版本)
    • Chrome(至少 9 个版本,但很可能是所有版本)
    • Safari(至少 5 个版本,但很可能是所有版本)

    • Opera(至少 11 个版本,但很可能是所有版本)
  • MSIE(至少 6、7、8):更改 window.location.href设置引荐来源网址(这就是为什么某些伪解决方案基于 myLink.click()
  • Firefox(至少3.0、3.5、4.0)click功能不存在(这就是为什么基于myLink.click()的伪解决方案 code> 不起作用)
  • Firefox 5click 功能在 Firefox 5 下存在,但不存在
    更改窗口位置,因此所有方法都依赖于
    myLink.click() 方法的存在将不起作用。调用 myLink.onclick()myLink.onClick() 会引发错误(“onclick 不是函数”),因此 基于这些调用的解决方案将不起作用。

为了管理这些跨浏览器问题,我使用以下方法:

function navigateToUrl(url) {
    var f = document.createElement("FORM");
    f.action = url;

    var indexQM = url.indexOf("?");
    if (indexQM>=0) {
        // the URL has parameters => convert them to hidden form inputs
        var params = url.substring(indexQM+1).split("&");
        for (var i=0; i<params.length; i++) {
            var keyValuePair = params[i].split("=");
            var input = document.createElement("INPUT");
            input.type="hidden";
            input.name  = keyValuePair[0];
            input.value = keyValuePair[1];
            f.appendChild(input);
        }
    }

    document.body.appendChild(f);
    f.submit();
}

navigateToUrl("http://foo.com/bar");

此解决方案适用于上面列出的所有浏览器风格和版本。它的优点是简单、多浏览器、易于理解。
请注意,这尚未在 HTTPS 下进行测试。

Your post title shows that you want to change the current page programmatically using JavaScript but still having the HTTP referrer provided (from what I understood, using a <a> tag is just for a test case).

You need to be aware of cross-browser issues:

  • The HTTP referrer header (HTTP-Referer) is set when changing window.location.href under the following browsers:
    • MSIE 9 (but probably any version above 9)
    • Firefox (at least 3.0, 3.5, 4.0, 5.0, but most probably all versions)
    • Chrome (at least 9, but most probably all versions)
    • Safari (at least 5, but most probably all versions)
    • Opera (at least 11, but most probably all versions)
  • MSIE (at least 6, 7, 8): the referrer is not set when changing window.location.href (this is why some pseudo-solutions are based on myLink.click())
  • Firefox (at least 3.0, 3.5, 4.0): the click function does not exist (this is why pseudo-solutions based on myLink.click() do not work)
  • Firefox 5 : the click function exists under Firefox 5 but does not
    change the window location, so all the methods relying on the
    existence of the myLink.click() method will not work. Calling myLink.onclick() or myLink.onClick() raise an error ("onclick is not a function"), so solutions based on these calls will not work.

In order to manage these cross-browser issues, I'm using the following method:

function navigateToUrl(url) {
    var f = document.createElement("FORM");
    f.action = url;

    var indexQM = url.indexOf("?");
    if (indexQM>=0) {
        // the URL has parameters => convert them to hidden form inputs
        var params = url.substring(indexQM+1).split("&");
        for (var i=0; i<params.length; i++) {
            var keyValuePair = params[i].split("=");
            var input = document.createElement("INPUT");
            input.type="hidden";
            input.name  = keyValuePair[0];
            input.value = keyValuePair[1];
            f.appendChild(input);
        }
    }

    document.body.appendChild(f);
    f.submit();
}

navigateToUrl("http://foo.com/bar");

This solution works on all the browser flavors and version listed above. It has the advantage to be simple, multi-browser and easy to understand.
Note that this has not been tested under HTTPS.

回复 原文
手心的海 2024-10-19 23:11:33

设置 window.location 与跟踪该页面上的链接不同。当用户在浏览器地址栏中输入 URL 时,它会启动一个新的页面请求。

我确实设法找到了解决方法:

function goTo(url)
{
    var a = document.createElement("a");
    if(!a.click) //for IE
    {
         window.location = url;
         return;
    }
    a.setAttribute("href", url);
    a.style.display = "none";
    document.body.appendChild(a);
    a.click();
}

它在页面上创建一个链接并模拟单击。结果是 window.location 发生更改,并填充引荐来源网址。

http://ianso.blogspot.com/2006 /01/referer-header-not-set-on-http.html

Setting window.location is not the same as following a link on that page. It starts a new request for the page as thought the user typed the URL into the browser's address bar.

I did manage to locate a workaround:

function goTo(url)
{
    var a = document.createElement("a");
    if(!a.click) //for IE
    {
         window.location = url;
         return;
    }
    a.setAttribute("href", url);
    a.style.display = "none";
    document.body.appendChild(a);
    a.click();
}

It creates a link on the page and simulates a click. The result is a change in window.location and the referrer is populated.

http://ianso.blogspot.com/2006/01/referer-header-not-set-on-http.html

回复 原文
感情洁癖 2024-10-19 23:11:33

我没有足够的观点来评论埃文的答案来建议更正,所以我所能做的就是在这里发布更正。简而言之,document.createElement(a) 缺少引号,应改为 document.createElement("a")。这应该也能解决 Kevin 对 FF5 的担忧。

我写的整个函数:

function goTo(url)
{
    var a = document.createElement("a");
    if (a.click)
    {
        // HTML5 browsers and IE support click() on <a>, early FF does not.
        a.setAttribute("href", url);
        a.style.display = "none";
        document.body.appendChild(a);
        a.click();
    } else {
        // Early FF can, however, use this usual method
        // where IE cannot with secure links.
        window.location = url;
    }
}

这适用于我们的 HTTPS 环境,支持 IE7、IE8、FF3、FF7 和 Chrome。所以我想它也适用于 FF5。如果没有此解决方法,当尝试设置 window.location 时,我们会在 IE7 和 IE8 中收到 403 错误。对于沙乐提出的IE为什么要这样做的问题,我只能猜测是他们认为IE太不安全了。我在 IE 中遇到了类似的 window.open 问题,我也必须解决这个问题。

I don't have enough points to comment on Evan's answer to suggest a correction so all I can do is post the correction here. In short, document.createElement(a) is missing quotes and should be document.createElement("a") instead. This should fix Kevin's concern about FF5 as well.

The whole function as I wrote it:

function goTo(url)
{
    var a = document.createElement("a");
    if (a.click)
    {
        // HTML5 browsers and IE support click() on <a>, early FF does not.
        a.setAttribute("href", url);
        a.style.display = "none";
        document.body.appendChild(a);
        a.click();
    } else {
        // Early FF can, however, use this usual method
        // where IE cannot with secure links.
        window.location = url;
    }
}

This works in our HTTPS environment with IE7, IE8, FF3, FF7, and Chrome. So I imagine it works in FF5 as well. Without this workaround we get 403 errors in IE7 and IE8 when trying to set window.location. Regarding Sha Le's question as to why IE does this, I can only guess is that they believe it to be too insecure. I had a similar problem with window.open in IE that I had to work around as well.

回复 原文
久而酒知 2024-10-19 23:11:33

是否可以通过 JavaScript 触发链接(或任何元素)的点击事件? 使用 createEvent/dispatchEvent 或 createEventObject/fireEvent 解决方案。

Is it possible to trigger a link's (or any element's) click event through JavaScript? uses a createEvent/dispatchEvent or createEventObject/fireEvent solution.

回复 原文
月亮坠入山谷 2024-10-19 23:11:33

好的。我有同样的问题,但我想在我的 Scrapper 应用程序中重定向 URL。我在本地主机上运行我的 scrapper 应用程序,也在服务器上运行,并且服务器上我想重定向到的一些 URL 是 IP,所以我添加了 URL 验证。希望这对其他人有帮助。

function redirect(url) {  
    // Validate URL  
    const isValidUrl = (str) => {  
        const pattern = new RegExp('^(https?:\\/\\/)?' + // protocol  
            '(((([a-z0-9](?:[a-z0-9-]*[a-z0-9])?)\\.)+([a-z]{2,}|[a-z0-9-]{2,}\\.\\w{2,}))|' + // domain name  
            'localhost|' + // localhost  
            '\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}|' + // ip (v4)  
            '\\[?[a-f0-9]*:[a-f0-9:%.~%#&+?=]*\\])' + // ipv6  
            '(\\:\\d+)?(\\/[-a-z0-9+&@#/%?=~_|!:,.;]*)*' + // path  
            '(\\?[;&a-z0-9%_.~+=-]*)?' + // query string  
            '(\\#[-a-z0-9_+.~]*)?

示例:


redirect('127.0.0.1:8080/nodesite/blog/1);


, 'i'); // fragment locator  
        return !!pattern.test(str);
    };

    if (!isValidUrl(url)) {
        console.error('Invalid URL:', url);
        return;//stop scrapper
    }

    // Create a link
    const anchor = document.createElement('a');
    anchor.href = url;  
    anchor.target = '_self';//open in current tab
    document.body.appendChild(anchor);
    if (typeof anchor.click === 'function') {
        anchor.click();
    } else {
        // Fallback for IE
        window.location.href = url;
    }
    document.body.removeChild(anchor);
}

示例:

OK. I have the same problem but with URLs that I wanna redirect in my Scrapper app .. I run my scrapper app on localhost and also on the server and some URLs on the server that i wanna redirect to are IPs so I added URL validation. hope this helps others.
function redirect(url) {  
    // Validate URL  
    const isValidUrl = (str) => {  
        const pattern = new RegExp('^(https?:\\/\\/)?' + // protocol  
            '(((([a-z0-9](?:[a-z0-9-]*[a-z0-9])?)\\.)+([a-z]{2,}|[a-z0-9-]{2,}\\.\\w{2,}))|' + // domain name  
            'localhost|' + // localhost  
            '\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}|' + // ip (v4)  
            '\\[?[a-f0-9]*:[a-f0-9:%.~%#&+?=]*\\])' + // ipv6  
            '(\\:\\d+)?(\\/[-a-z0-9+&@#/%?=~_|!:,.;]*)*' + // path  
            '(\\?[;&a-z0-9%_.~+=-]*)?' + // query string  
            '(\\#[-a-z0-9_+.~]*)?

Examples:


redirect('127.0.0.1:8080/nodesite/blog/1);


, 'i'); // fragment locator  
        return !!pattern.test(str);
    };

    if (!isValidUrl(url)) {
        console.error('Invalid URL:', url);
        return;//stop scrapper
    }

    // Create a link
    const anchor = document.createElement('a');
    anchor.href = url;  
    anchor.target = '_self';//open in current tab
    document.body.appendChild(anchor);
    if (typeof anchor.click === 'function') {
        anchor.click();
    } else {
        // Fallback for IE
        window.location.href = url;
    }
    document.body.removeChild(anchor);
}

Examples:
 回复 原文 
捎一片雪花 2024-10-19 23:11:33
是的,你的也有效,但最终做了:
<a href="#" id="linkOne">Link 1</a>

<script type="text/javascript">
   document.getElementById("linkOne").href = "https://" + serverURL + "/path/folder/page.aspx";
</script>

Yeap, yours works as well, but ended up doing:
<a href="#" id="linkOne">Link 1</a>

<script type="text/javascript">
   document.getElementById("linkOne").href = "https://" + serverURL + "/path/folder/page.aspx";
</script>

 回复 原文 
~没有更多了~
关于作者
 ↙厌世
暂无简介
0 文章
0 评论
22 人气
 发私信
相关话题
更多 
热门标签
操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多 
推荐作者
烙印
文章 0 评论 0
singlesman
文章 0 评论 0
给自己一个微笑
文章 0 评论 0
独孤求败
文章 0 评论 0
晨钟暮鼓
文章 0 评论 0
我是自愿种绣球花的
文章 0 评论 0
更多 
友情链接
文江博客
       
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
     
    原文