ajax可以伪造的头部信息

发布时间：2020-12-15 21:00:39 所属栏目：百科来源：网络整理

导读：ajax可以伪造部分header头信息,但有部分http header并不能被模拟,会被忽略或在浏览器发送请求时覆盖掉. 如下文,另外 refer是会被浏览器覆盖掉的. http://www.w3school.com.cn/xmldom/dom_xmlserializer.asp#footer 有些请求头部由 XMLHttpRequest 自动设置而

ajax可以伪造部分header头信息,但有部分http header并不能被模拟,会被忽略或在浏览器发送请求时覆盖掉.

如下文,另外 refer是会被浏览器覆盖掉的.

http://www.w3school.com.cn/xmldom/dom_xmlserializer.asp#footer

有些请求头部由 XMLHttpRequest 自动设置而不是由这个方法设置，以符合 HTTP 协议。这包括如下和代理相关的头部：

Host
Connection
Keep-Alive
Accept-charset
Accept-Encoding
If-Modified-Since
If-None-Match
If-Range
Range

http://www.w3.org/TR/2006/WD-XMLHttpRequest-20060405/#dfn-setrequestheader

User agentsmustnot set any headers other than the headers set by the author using this method,with the following exceptions:

UAsmustset theHostheader appropriately (seeopen()) and not allow it to be overridden.
UAsmustset theAuthorizationheader according to the values passed to theopen()method (butmustallow calls tosetRequestHeader()to append values to it).
UAsmayset theAccept-CharsetandAccept-Encodingheaders andmust notallow them to be overridden.
UAsmayset theIf-Modified-Since,If-None-Match,If-Range,andRangeheaders if the resource is cached and has not expired (as allowed by HTTP),andmust notallow those headers to be overridden.
UAsmustset theConnectionandKeep-Aliveheaders as described by the HTTP specification,andmust notallow those headers to be overridden.
UAsshouldset the proxy-related headers according to proxy settings of the environment,andmust notallow those headers to be overridden.
UAsmaygive theUser-Agentheader an initial value,butmustallow authors to append values to it.
UAsshouldsetCookieandCookie2headers appropriately for the given URI and given the user's current cookies,andmustallow authors to append values to these headers.

（编辑：李大同）

【声明】本站内容均来自网络，其相关言论仅代表作者个人观点，不代表本站立场。若无意侵犯到您的权利，请及时与联系站长删除相关内容!