Why have Origin and Referer headers when Referer has enough information?

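If the Referer header has the Origin anyway, what's the point of having both?

If the server receiving an HTTP request wants to know the Origin, it can just look at the domain in the Referer header.

I understand that the Referer header won't be sent if it's an HTTPS-to-HTTP request (and in many other scenarios), but why didn't they design it so that, instead of being removed, it is still sent but with only the domain name (what the Origin header would have)?

Quoted from here: https://security.stackexchange.com/questions/158045/is-checking-the-referer-and-origin-headers-enough-to-prevent-csrf-provided-that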

In order to preserve privacy, any browser request can decide to omit the Referer header. So it is probably best to only check the Origin header. (In case you want to allow for users to preserve their privacy)

The Origin header is null in some cases. Note that all of these requests are GET requests, which means they should not have any side effects.
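A server-side source-origin check along the lines of the quoted advice, as an added example that is not code from this post or the linked answer. The function names, the allowed origin `https://app.example`, and the policy of rejecting state-changing requests whose Origin is `null` or that carry neither header are assumptions.

```python
from urllib.parse import urlsplit

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}   # should have no side effects
DEFAULT_PORTS = {"http": 80, "https": 443}

def normalize_origin(value):
    """Reduce a URL or serialized origin to (scheme, host, port), else None."""
    if not value or value.strip().lower() == "null":
        return None
    try:
        parts = urlsplit(value.strip())
        port = parts.port               # raises ValueError on a bad port
    except ValueError:
        return None
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        return None
    if port is None:
        port = DEFAULT_PORTS[scheme]
    return (scheme, parts.hostname.lower(), port)

def source_origin(headers):
    """Prefer Origin; consult Referer only when Origin is absent."""
    h = {k.lower(): v for k, v in headers.items()}
    if "origin" in h:
        # An explicit "null" Origin is not replaced by the Referer value.
        return normalize_origin(h["origin"])
    return normalize_origin(h.get("referer"))

def allow_request(method, headers, allowed_origins):
    """Assumed policy: safe methods pass, others need a known source origin."""
    if method.upper() in SAFE_METHODS:
        return True
    src = source_origin(headers)
    allowed = {normalize_origin(o) for o in allowed_origins}
    return src is not None and src in allowed

if __name__ == "__main__":
    ALLOWED = ["https://app.example"]   # constructed sample value
    samples = [                         # constructed sample requests
        ("POST", {"Origin": "https://app.example"}),
        ("POST", {"Referer": "https://app.example/settings?tab=1"}),
        ("POST", {"Origin": "null", "Referer": "https://app.example/"}),
        ("POST", {}),
        ("GET", {}),
    ]
    for method, headers in samples:
        print(method, headers, "->", allow_request(method, headers, ALLOWED))
```

Comparing parsed (scheme, host, port) tuples rather than substrings means a Referer such as `https://app.example.evil.test/` does not match the allowed origin.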