[英]JavaScript window.location does not set referer in the request header
I understand relying on Referer in the request header is not right. 我理解在请求标头中依赖Referer是不对的。 But my question is, why IE does not set Referer to the Request Header if I use
window.location
? 但我的问题是,如果我使用
window.location
,为什么IE不将Referer设置为Request Header? Any thoughts or fixes? 有什么想法或修正?
This does not set Referer in the Request header : 这不会在Request标头中设置Referer :
function load1() {
window.location = "https://" + serverURL + "/path/folder/page.aspx";
}
<a href="javascript:load1()">Link 1</a>
While this sets : 虽然这设置 :
<a href="https://hardcode.server.url/path/folder/page.aspx">Link 1</a>
Your post title shows that you want to change the current page programmatically using JavaScript but still having the HTTP referrer provided (from what I understood, using a <a>
tag is just for a test case). 您的帖子标题显示您想要使用JavaScript以编程方式更改当前页面但仍然提供HTTP引用(根据我的理解,使用
<a>
标签仅用于测试用例)。
You need to be aware of cross-browser issues: 您需要了解跨浏览器问题:
window.location.href
under the following browsers: window.location.href
时设置HTTP引用标头(HTTP-Referer):
window.location.href
(this is why some pseudo-solutions are based on myLink.click()
) window.location.href
时没有设置referrer(这就是为什么一些伪解决方案基于myLink.click()
) click
function does not exist (this is why pseudo-solutions based on myLink.click()
do not work) myLink.click()
) : click
功能不存在(这就是为什么基于myLink.click()
伪解决方案不起作用的原因) click
function exists under Firefox 5 but does not change the window location, so all the methods relying on the existence of the myLink.click()
method will not work. click
功能,但不会更改窗口位置,因此所有依赖myLink.click()
方法存在的方法都不起作用。 Calling myLink.onclick()
or myLink.onClick()
raise an error ("onclick is not a function"), so solutions based on these calls will not work. myLink.onclick()
或myLink.onClick()
引发错误(“onclick不是函数”),因此基于这些调用的解决方案将无法正常工作。 In order to manage these cross-browser issues, I'm using the following method: 为了管理这些跨浏览器问题,我使用以下方法:
function navigateToUrl(url) {
var f = document.createElement("FORM");
f.action = url;
var indexQM = url.indexOf("?");
if (indexQM>=0) {
// the URL has parameters => convert them to hidden form inputs
var params = url.substring(indexQM+1).split("&");
for (var i=0; i<params.length; i++) {
var keyValuePair = params[i].split("=");
var input = document.createElement("INPUT");
input.type="hidden";
input.name = keyValuePair[0];
input.value = keyValuePair[1];
f.appendChild(input);
}
}
document.body.appendChild(f);
f.submit();
}
navigateToUrl("http://foo.com/bar");
This solution works on all the browser flavors and version listed above. 此解决方案适用于上面列出的所有浏览器风格和版本。 It has the advantage to be simple, multi-browser and easy to understand.
它具有简单,多浏览器和易于理解的优点。 Note that this has not been tested under HTTP S .
请注意,这尚未在HTTP S下测试。
Setting window.location
is not the same as following a link on that page. 设置
window.location
与跟踪该页面上的链接不同。 It starts a new request for the page as thought the user typed the URL into the browser's address bar. 它开始对页面的新请求,因为用户在浏览器的地址栏中输入了URL。
I did manage to locate a workaround: 我确实找到了一个解决方法:
function goTo(url)
{
var a = document.createElement("a");
if(!a.click) //for IE
{
window.location = url;
return;
}
a.setAttribute("href", url);
a.style.display = "none";
document.body.appendChild(a);
a.click();
}
It creates a link on the page and simulates a click. 它在页面上创建一个链接并模拟点击。 The result is a change in
window.location
and the referrer is populated. 结果是
window.location
发生了变化,并填充了引用者。
http://ianso.blogspot.com/2006/01/referer-header-not-set-on-http.html http://ianso.blogspot.com/2006/01/referer-header-not-set-on-http.html
I don't have enough points to comment on Evan's answer to suggest a correction so all I can do is post the correction here. 我没有足够的评论来评论Evan建议进行修正的答案,所以我能做的就是在这里发布修正。 In short,
document.createElement(a)
is missing quotes and should be document.createElement("a")
instead. 简而言之,
document.createElement(a)
缺少引号,而应该是document.createElement("a")
。 This should fix Kevin's concern about FF5 as well. 这应该可以解决Kevin对FF5的担忧。
The whole function as I wrote it: 我写的整个功能:
function goTo(url)
{
var a = document.createElement("a");
if (a.click)
{
// HTML5 browsers and IE support click() on <a>, early FF does not.
a.setAttribute("href", url);
a.style.display = "none";
document.body.appendChild(a);
a.click();
} else {
// Early FF can, however, use this usual method
// where IE cannot with secure links.
window.location = url;
}
}
This works in our HTTPS environment with IE7, IE8, FF3, FF7, and Chrome. 这适用于我们的HTTPS环境,包括IE7,IE8,FF3,FF7和Chrome。 So I imagine it works in FF5 as well.
所以我想它也适用于FF5。 Without this workaround we get 403 errors in IE7 and IE8 when trying to set window.location.
如果没有这种解决方法,我们在尝试设置window.location时会在IE7和IE8中收到403错误。 Regarding Sha Le's question as to why IE does this, I can only guess is that they believe it to be too insecure.
关于Sha Le关于为什么IE这样做的问题,我只能猜测他们认为它太不安全了。 I had a similar problem with window.open in IE that I had to work around as well.
我在IE中的window.open也有类似的问题,我也必须解决这个问题。
Is it possible to trigger a link's (or any element's) click event through JavaScript? 是否可以通过JavaScript触发链接(或任何元素)的点击事件? uses a createEvent/dispatchEvent or createEventObject/fireEvent solution.
使用createEvent / dispatchEvent或createEventObject / fireEvent解决方案。
Yeap, yours works as well, but ended up doing: 是的,你的工作也很好,但最终做了:
<a href="#" id="linkOne">Link 1</a>
<script type="text/javascript">
document.getElementById("linkOne").href = "https://" + serverURL + "/path/folder/page.aspx";
</script>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.