如何判断用户是否来自 https 域名?
如果用户已登录,我有一个页面将用户(JavaScript)重定向到“帐户管理”页面(在 https 域上)。如果没有,该页面会向他们显示如何登录的说明。
一旦他们完成更新根据他们的偏好,有一个“返回内容”链接,可将用户带回之前的 URL。问题是,由于用户此时已登录,因此会触发重定向并将他们直接发送回其帐户管理页面。
我以为我可以通过查看 https 域中的引荐来源标头来确定这一点,但遗憾的是,它们不存在于 https 中(据我所知)。
JSP:
request.getHeader("referer");
//returns null
我尝试使用 JavaScript 动态附加 URL 和参数,然后我可以在再次触发重定向之前检查该参数。
JavaScript
window.location.pathname += "?test=1";
这会导致重定向循环,但我不知道修改 URL 路径的另一种方法。
由于工作中的访问限制,除了我的页面模板之外,我无法使用任何其他内容。我无法修改 https 服务器上的任何内容,也无法修改 htaccess。
那么,由于这些限制,我如何确定用户是否从 https 域访问了我的页面?
I have a page that redirects users (JavaScript) to an "account admin" page (on an https domain) if the user is logged in. If not, the page shows them instructions on how to log in.
Once they're done updating their preferences, there's "back to content" link that takes the user back to the previous URL. The problem is that since users are logged in by this point, the redirect fires and sends them right back to their account admin page.
I thought I could determine this by looking at the referrer header from the https domain, but alas, they don't exist for https (as far as I can tell).
JSP:
request.getHeader("referer");
//returns null
I tried using JavaScript to dynamically append the URL with a parameter that I could then check for before firing the redirect again.
JavaScript
window.location.pathname += "?test=1";
This causes a redirect loop, but I don't know of another way to modify the URL path.
Due to access limitations at work, I can't work in anything but my page template. I can't modify anything on the https server, nor htaccess.
So, with those limitations, how can I figure out if a user has come to my page from the https domain?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
获取引用 URL
如果您要向 URL 添加不应该发送到服务器而是供页面使用的信息,则使用哈希,而不是查询。这 ”?”仅当您将数据发送到服务器进行处理时才应使用
此链接会将“dontdoanything”附加到网址哈希中,而无需重新加载页面。
编辑:所以我做了一些研究,似乎没有快速的方法来做到这一点(即
document.referrer)。但这些方法无论如何都不是很可靠。我听说如果在新选项卡或窗口中打开链接,web-kit(可能是旧版本,现在已修复)将删除引用信息,即使是 http 到 http。您似乎完全在自己的网站上工作,因此我会考虑在 URI 中使用 cookie 或哈希。您可以在重定向时在 cookie 或哈希中设置一些变量,并在页面加载时将其读取为状态标志。当然,您可以让 Cookie 保留一段时间,也可以保留在您域中的所有页面上。您可能已经将会话信息存储在您甚至可以检查的 cookie 中。
如果您从不在您的域中的页面进行重定向,我建议您为这些网站提供特定的链接,并在 URI 中包含特定的哈希值,您可以在数据库中引用该链接来获取引荐来源网址。
希望这有帮助...
To get referring URL
If you are adding information to the URL that should not be sent to the server, but rather for the page to use, then use a hash, not a query. The "?" should only be used if you are sending data to the server for processing
This Link will append "dontdoanything" to the url hash, without reloading the page.
EDIT: So I did some research and it doesn't seem like there is a quick way to do it (i.e.
document.referrer). But those methods are not very reliable anyway. I have heard that web-kit (may be older versions, and is fixed now) will drop the referrer information if the link is opened in a new tab or window, even for http to http.It would seem that you are working completely on your own site, so I would consider using cookies or a hash in the URI. You could just set some variable within the cookie or hash when redirecting back and read it as a status flag when the page loads. You can of course have cookies persist for periods of time, as well as across all pages on your domain. There is a possibility that you already have session information stored in a cookie that you could even check.
If you were redirecting from pages not on your domain, I would suggest supplying those sites with a specific link, with a specific hash in the URI, that you can reference in your database to get the referrer.
Hope this helps...