(关于POST请求的问题)有没有办法发送一个POST请求,然后在外部302的情况下取回检索到的资源?
(questions about POST requests) Is there a way to send a POST request and then get back the retrieved resource in the event of a 302 externally?
这有点令人困惑,但我会尽力正确解释它,非常感谢对此的回答。
假设我有端点“example.com/login”,它显示一个带有登录表单的 HTML 页面,在提交时向“example.com/login"(是本身)和凭据(如下所示),然后在成功验证后显示另一个 HTML 页面(示例。com/user/records),显示您的详细信息(例如您的数据记录和东西).
我打算做的是访问显示数据的 HTML 页面,方法是使用 Javascript 和凭据从外部发送 POST 请求,然后以某种方式接收 HTML 用于数据记录页面作为我们通常通过 GET 请求获得的字符串响应(这甚至可能吗?)。
发送所述请求后,它会在网络选项卡中显示:
(远程地址已修改为用 0 替换所有数字)
Request URL: https://example.com/login
Request Method: POST
Status Code: 302
Remote Address: 000.000.000.000:000
Referrer Policy: strict-origin-when-cross-origin
Response Headers:
cache-control: no-store, no-cache, must-revalidate
content-type: text/html; charset=UTF-8
date: Mon, 30 Nov 2020 22:43:08 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
location: https://example.com/user/records
pragma: no-cache
server: Apache
Request Headers:
:authority: example.com
:method: POST
:path: /login
:scheme: https
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
accept-encoding: gzip, deflate, br
accept-language: en
cache-control: max-age=0
content-length: 47
content-type: application/x-www-form-urlencoded
cookie: roundcube_cookies=enabled; timezone=Asia/Baghdad; resetpasscookie=kUcAf8R5ue5VsOVM; webmailsession=%3af5nnuvNuUHvJaAWn%2c73236ca3fe2776acd45d97c7fffdfd79; whostmgrsession=%3alTiPVRgz7acX0SQG%2c97f0382efe30423a72f3caefec64192f; cpsession=%3arm4IkcjwHaihjbFR%2c859b30622f8d57aebed715dea4d2791e; ci_session=2vofur1iqi6sgrurb1s2dtb5f0tfggi8
origin: https://example.com
referer: https://example.com/login
sec-fetch-dest: document
sec-fetch-mode: navigate
sec-fetch-site: same-origin
sec-fetch-user: ?1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36
Form Data:
ci_csrf_token:
username: abc
password: 123
第一个问题:这些饼干到底是从哪里来的?? (如果它们是由服务器设置的,那么我仍然可以按照我的计划进行吗?)
我只是直接从选项中将该请求复制为节点获取请求,并 运行 它在 Visual Studio 外部代码中(现在没有以任何方式连接到该网站)并得到了这个:
(假设存在详细信息用户名:abc,密码:123 的帐户 - 我刚刚替换了凭据)
Response {
size: 0,
timeout: 0,
[Symbol(Body internals)]: {
body: PassThrough {
_readableState: [ReadableState],
_events: [Object: null prototype],
_eventsCount: 5,
_maxListeners: undefined,
_writableState: [WritableState],
allowHalfOpen: true,
[Symbol(kCapture)]: false,
[Symbol(kTransformState)]: [Object]
},
disturbed: false,
error: null
},
[Symbol(Response internals)]: {
url: 'https://example.com/login',
status: 200,
statusText: 'OK',
headers: Headers { [Symbol(map)]: [Object: null prototype] },
counter: 2
}
} Headers {
[Symbol(map)]: [Object: null prototype] {
date: [ 'Mon, 30 Nov 2020 22:54:12 GMT' ],
server: [ 'Apache' ],
expires: [ 'Thu, 19 Nov 1981 08:52:00 GMT' ],
'cache-control': [ 'no-store, no-cache, must-revalidate' ],
pragma: [ 'no-cache' ],
'set-cookie': [
'ci_session=06ujfc27fpp73a01nia1dp3pehsskep5; expires=Tue, 01-Dec-2020 00:54:12 GMT; Max-Age=7200; path=/; HttpOnly'
],
upgrade: [ 'h2,h2c' ],
connection: [ 'Upgrade, close' ],
'transfer-encoding': [ 'chunked' ],
'content-type': [ 'text/html; charset=UTF-8' ]
}
}
第二个问题)为什么我在这里收到代码 200,而在浏览器上收到代码 302?
无论如何,我计划通过复制通过登录表单发送的 post 请求并提供各种正确的凭据来验证自己,这样我就可以在外部使用 Javascript 访问他们的详细信息,然后操纵它们。
如果这行不通,还有其他方法吗?或者如果可以,那么怎么做?
我意识到在某些情况下可以通过在使用 fetch 时向选项提供 {"redirect": "follow"} 来解决。
这有点令人困惑,但我会尽力正确解释它,非常感谢对此的回答。
假设我有端点“example.com/login”,它显示一个带有登录表单的 HTML 页面,在提交时向“example.com/login"(是本身)和凭据(如下所示),然后在成功验证后显示另一个 HTML 页面(示例。com/user/records),显示您的详细信息(例如您的数据记录和东西).
我打算做的是访问显示数据的 HTML 页面,方法是使用 Javascript 和凭据从外部发送 POST 请求,然后以某种方式接收 HTML 用于数据记录页面作为我们通常通过 GET 请求获得的字符串响应(这甚至可能吗?)。
发送所述请求后,它会在网络选项卡中显示: (远程地址已修改为用 0 替换所有数字)
Request URL: https://example.com/login
Request Method: POST
Status Code: 302
Remote Address: 000.000.000.000:000
Referrer Policy: strict-origin-when-cross-origin
Response Headers:
cache-control: no-store, no-cache, must-revalidate
content-type: text/html; charset=UTF-8
date: Mon, 30 Nov 2020 22:43:08 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
location: https://example.com/user/records
pragma: no-cache
server: Apache
Request Headers:
:authority: example.com
:method: POST
:path: /login
:scheme: https
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
accept-encoding: gzip, deflate, br
accept-language: en
cache-control: max-age=0
content-length: 47
content-type: application/x-www-form-urlencoded
cookie: roundcube_cookies=enabled; timezone=Asia/Baghdad; resetpasscookie=kUcAf8R5ue5VsOVM; webmailsession=%3af5nnuvNuUHvJaAWn%2c73236ca3fe2776acd45d97c7fffdfd79; whostmgrsession=%3alTiPVRgz7acX0SQG%2c97f0382efe30423a72f3caefec64192f; cpsession=%3arm4IkcjwHaihjbFR%2c859b30622f8d57aebed715dea4d2791e; ci_session=2vofur1iqi6sgrurb1s2dtb5f0tfggi8
origin: https://example.com
referer: https://example.com/login
sec-fetch-dest: document
sec-fetch-mode: navigate
sec-fetch-site: same-origin
sec-fetch-user: ?1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36
Form Data:
ci_csrf_token:
username: abc
password: 123
第一个问题:这些饼干到底是从哪里来的?? (如果它们是由服务器设置的,那么我仍然可以按照我的计划进行吗?)
我只是直接从选项中将该请求复制为节点获取请求,并 运行 它在 Visual Studio 外部代码中(现在没有以任何方式连接到该网站)并得到了这个: (假设存在详细信息用户名:abc,密码:123 的帐户 - 我刚刚替换了凭据)
Response {
size: 0,
timeout: 0,
[Symbol(Body internals)]: {
body: PassThrough {
_readableState: [ReadableState],
_events: [Object: null prototype],
_eventsCount: 5,
_maxListeners: undefined,
_writableState: [WritableState],
allowHalfOpen: true,
[Symbol(kCapture)]: false,
[Symbol(kTransformState)]: [Object]
},
disturbed: false,
error: null
},
[Symbol(Response internals)]: {
url: 'https://example.com/login',
status: 200,
statusText: 'OK',
headers: Headers { [Symbol(map)]: [Object: null prototype] },
counter: 2
}
} Headers {
[Symbol(map)]: [Object: null prototype] {
date: [ 'Mon, 30 Nov 2020 22:54:12 GMT' ],
server: [ 'Apache' ],
expires: [ 'Thu, 19 Nov 1981 08:52:00 GMT' ],
'cache-control': [ 'no-store, no-cache, must-revalidate' ],
pragma: [ 'no-cache' ],
'set-cookie': [
'ci_session=06ujfc27fpp73a01nia1dp3pehsskep5; expires=Tue, 01-Dec-2020 00:54:12 GMT; Max-Age=7200; path=/; HttpOnly'
],
upgrade: [ 'h2,h2c' ],
connection: [ 'Upgrade, close' ],
'transfer-encoding': [ 'chunked' ],
'content-type': [ 'text/html; charset=UTF-8' ]
}
}
第二个问题)为什么我在这里收到代码 200,而在浏览器上收到代码 302?
无论如何,我计划通过复制通过登录表单发送的 post 请求并提供各种正确的凭据来验证自己,这样我就可以在外部使用 Javascript 访问他们的详细信息,然后操纵它们。
如果这行不通,还有其他方法吗?或者如果可以,那么怎么做?
我意识到在某些情况下可以通过在使用 fetch 时向选项提供 {"redirect": "follow"} 来解决。