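Background
Recently, while testing a backend API, I found that when the same API is requested from different devices and browsers, the Referer received by the backend differs. After some Googling, I found that this is because different browsers set different Referrer-Policy values.

Current Referrer-Policy settings by browser
strict-origin-when-cross-origin
no-referrer-when-downgrade
strict-origin-when-cross-origin

Future trend
To strengthen privacy and security, all browsers are expected to eventually set Referrer-Policy to strict-origin-when-cross-origin.

Meaning of the Referrer-Policy values
strict-origin-when-cross-origin: if the request is cross-origin, the Referer value is the Origin; if it is not cross-origin, the Referer value is the full URL.
no-referrer-when-downgrade: if the request goes from HTTPS to HTTP, the Referer value is the Origin; otherwise it is the full URL.

Note: an Origin consists of three parts: <scheme> "://" <hostname> [ ":" <port> ]
scheme is the protocol, usually HTTP or HTTPS
hostname is the host name, that is, a domain name or an IP
port is the TCP port the server listens on; the default is 80

References
The meaning of each Referrer-Policy value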
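Added example (not part of the original issue): since the Referer can arrive as a full URL or as only the Origin depending on the browser's Referrer-Policy, a backend check should reduce it to its origin and compare that exactly. ALLOWED_ORIGINS, the function names and the sample values in the comments are assumptions made for illustration.

```javascript
// Constructed allowlist for illustration; replace with your own origins.
const ALLOWED_ORIGINS = new Set([
  "https://app.example.com",
  "http://localhost:8080",
]);

// Reduce a Referer header to its origin: <scheme>://<hostname>[:<port>].
// Returns null when the header is absent, malformed, or not http(s).
function refererOrigin(headerValue) {
  if (typeof headerValue !== "string" || headerValue.trim() === "") return null;
  let url;
  try {
    url = new URL(headerValue.trim());
  } catch {
    return null; // not an absolute URL
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") return null;
  return url.origin; // the URL parser omits the scheme's default port
}

// Classify what the browser sent, so logs show which shape arrived.
// A full URL that is exactly "<origin>/" cannot be told apart from an
// origin-only Referer and is reported as "origin-only".
function refererShape(headerValue) {
  if (refererOrigin(headerValue) === null) return "none";
  const url = new URL(headerValue.trim());
  return url.pathname === "/" && url.search === "" ? "origin-only" : "full-url";
}

// Exact origin comparison: works for both shapes and does not accept
// look-alike hosts the way a prefix or substring match on the raw header would.
function isAllowedReferer(headerValue) {
  const origin = refererOrigin(headerValue);
  return origin !== null && ALLOWED_ORIGINS.has(origin);
}

// Constructed sample values:
//   "https://app.example.com/orders/42?tab=items"  -> full-url, allowed
//   "https://app.example.com/"                     -> origin-only, allowed
//   "https://app.example.com.other.example/"       -> origin-only, rejected
```

Non-browser clients can send any Referer value, so treat this as a consistency check on browser traffic, not as authentication.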