为什么 Twitter 的 t.co 会出现在 Referer 中,而 URL 缩短器从来没有出现过?
Why Twitter's t.co shows up in Referer, but no URL shorteners ever do?
我注意到我的 access_log 文件中有一大堆 Referer 链接,例如 t.co/oPQO7Xdz,但没有其他 URL 缩短器出现。为什么?
URL 缩短器永远不会出现,因为 HTTP 301 Moved Permanently et al redirects in HTTP are not designed to influence the Referer HTTP Request Header(显然,即使 header 为空白,也不会出现,可能是因为它会导致行为不一致,否则).
但是,如果 Twitter 发现它认为是流行的桌面或移动设备 User-Agent,它不会使用其 t.co 服务发布 301 Moved Permanently 重定向。由于重定向是在 HTTP 堆栈之外完成的,因此随后的 brand-new HTTP 请求中的 Referer 字段将被组合以包含负责重定向的先前 HTML 页面,导致 t.co 条目出现在 access_log.
中
% curl -v -A"iPhone;" t.co/oPQO7Xdz
* About to connect() to t.co port 80 (#0)
* Trying 104.244.42.5...
* connected
* Connected to t.co (104.244.42.5) port 80 (#0)
> GET /oPQO7Xdz HTTP/1.1
> User-Agent: iPhone;
> Host: t.co
> Accept: */*
>
< HTTP/1.1 200 OK
< cache-control: private,max-age=300
< content-length: 258
< content-security-policy: referrer always;
< content-type: text/html; charset=utf-8
< date: Thu, 07 Jul 2016 05:24:16 GMT
< expires: Thu, 07 Jul 2016 05:29:16 GMT
< server: tsa_o
< set-cookie: muc=1f43e292-e319-4818-ba81-f12d16e5b629; Expires=Tue, 19 Jun 2018 05:24:16 UTC; Domain=t.co
< x-connection-hash: 0dc5a2a6a7e83ac2d7fb207eb0cedf84
< x-response-time: 115
< x-xss-protection: 1; mode=block
<
* Connection #0 to host t.co left intact
<head><meta name="referrer" content="always"><noscript><META http-equiv="refresh" content="0;URL=http://mdoc.su/n/curl"></noscript><title>http://mdoc.su/n/curl</title></head><script>window.opener = null; location.replace("http:\/\/mdoc.su\/n\/curl")</script>* Closing connection #0
将此与其他情况下发生的情况进行比较(这是大多数其他 URL 缩短器重定向的唯一方式,它将保留 HTTP 请求首次到达 HTTP 堆栈时出现的 Referer浏览器):
% curl -v t.co/oPQO7Xdz
* About to connect() to t.co port 80 (#0)
* Trying 104.244.42.69...
* connected
* Connected to t.co (104.244.42.69) port 80 (#0)
> GET /oPQO7Xdz HTTP/1.1
> User-Agent: curl/7.26.0
> Host: t.co
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< cache-control: private,max-age=300
< content-length: 0
< date: Thu, 07 Jul 2016 05:24:40 GMT
< expires: Thu, 07 Jul 2016 05:29:40 GMT
< location: http://mdoc.su/n/curl
< server: tsa_o
< set-cookie: muc=2c727b50-311f-4043-9861-9f703996a8a8; Expires=Tue, 19 Jun 2018 05:24:40 UTC; Domain=t.co
< x-connection-hash: 5583cc49ddbcefe8fac9ba392ca868fd
< x-response-time: 103
<
* Connection #0 to host t.co left intact
* Closing connection #0
我注意到我的 access_log 文件中有一大堆 Referer 链接,例如 t.co/oPQO7Xdz,但没有其他 URL 缩短器出现。为什么?
URL 缩短器永远不会出现,因为 HTTP 301 Moved Permanently et al redirects in HTTP are not designed to influence the Referer HTTP Request Header(显然,即使 header 为空白,也不会出现,可能是因为它会导致行为不一致,否则).
但是,如果 Twitter 发现它认为是流行的桌面或移动设备 User-Agent,它不会使用其 t.co 服务发布 301 Moved Permanently 重定向。由于重定向是在 HTTP 堆栈之外完成的,因此随后的 brand-new HTTP 请求中的 Referer 字段将被组合以包含负责重定向的先前 HTML 页面,导致 t.co 条目出现在 access_log.
% curl -v -A"iPhone;" t.co/oPQO7Xdz
* About to connect() to t.co port 80 (#0)
* Trying 104.244.42.5...
* connected
* Connected to t.co (104.244.42.5) port 80 (#0)
> GET /oPQO7Xdz HTTP/1.1
> User-Agent: iPhone;
> Host: t.co
> Accept: */*
>
< HTTP/1.1 200 OK
< cache-control: private,max-age=300
< content-length: 258
< content-security-policy: referrer always;
< content-type: text/html; charset=utf-8
< date: Thu, 07 Jul 2016 05:24:16 GMT
< expires: Thu, 07 Jul 2016 05:29:16 GMT
< server: tsa_o
< set-cookie: muc=1f43e292-e319-4818-ba81-f12d16e5b629; Expires=Tue, 19 Jun 2018 05:24:16 UTC; Domain=t.co
< x-connection-hash: 0dc5a2a6a7e83ac2d7fb207eb0cedf84
< x-response-time: 115
< x-xss-protection: 1; mode=block
<
* Connection #0 to host t.co left intact
<head><meta name="referrer" content="always"><noscript><META http-equiv="refresh" content="0;URL=http://mdoc.su/n/curl"></noscript><title>http://mdoc.su/n/curl</title></head><script>window.opener = null; location.replace("http:\/\/mdoc.su\/n\/curl")</script>* Closing connection #0
将此与其他情况下发生的情况进行比较(这是大多数其他 URL 缩短器重定向的唯一方式,它将保留 HTTP 请求首次到达 HTTP 堆栈时出现的 Referer浏览器):
% curl -v t.co/oPQO7Xdz
* About to connect() to t.co port 80 (#0)
* Trying 104.244.42.69...
* connected
* Connected to t.co (104.244.42.69) port 80 (#0)
> GET /oPQO7Xdz HTTP/1.1
> User-Agent: curl/7.26.0
> Host: t.co
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< cache-control: private,max-age=300
< content-length: 0
< date: Thu, 07 Jul 2016 05:24:40 GMT
< expires: Thu, 07 Jul 2016 05:29:40 GMT
< location: http://mdoc.su/n/curl
< server: tsa_o
< set-cookie: muc=2c727b50-311f-4043-9861-9f703996a8a8; Expires=Tue, 19 Jun 2018 05:24:40 UTC; Domain=t.co
< x-connection-hash: 5583cc49ddbcefe8fac9ba392ca868fd
< x-response-time: 103
<
* Connection #0 to host t.co left intact
* Closing connection #0