[英]Why are some iOS devices sending OPTIONS requests with Origin: null?
On a website I'm working on, we're seeing quite a few OPTIONS
requests from iOS devices that look like CORS preflight checks , but which have Origin: null
. 在我正在工作的网站上,我们看到来自iOS设备的很多
OPTIONS
请求,这些请求看起来像CORS飞行前检查 ,但具有Origin: null
。 Does anyone know what might be causing such requests to be sent with Origin: null
rather than the correct origin? 有谁知道是什么原因导致使用
Origin: null
而不是正确的Origin: null
发送此类请求?
The user agents that I've seen exhibiting this behaviour are: 我看到的表现出这种行为的用户代理是:
Mozilla/5.0 (iPhone; CPU iPhone OS 5_1_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Mobile/9B206
Mozilla/5.0 (iPhone; CPU iPhone OS 5_1_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9B206 Safari/7534.48.3
Mozilla/5.0 (iPod; CPU iPhone OS 5_1_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Mobile/9B206
Mozilla/5.0 (iPad; CPU OS 5_1_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9B206 Safari/7534.48.3
Mozilla/5.0 (iPod; CPU iPhone OS 5_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9B176 Safari/7534.48.3
Mozilla/5.0 (iPhone; CPU iPhone OS 5_0_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9A405 Safari/7534.48.3
Mozilla/5.0 (iPad; CPU OS 5_0_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9A405 Safari/7534.48.3
In practice, it's not a problem to deal with these requests (just refuse them), but I'm curious to know if there's some particular set of circumstances that is causing this. 实际上,处理这些请求不是问题(只是拒绝它们),但是我很好奇是否有某些特殊情况导致这种情况。 The only situation I've seen described where the
Origin
header might be set to null
is when the origin is a file:///
URL, and that seems very unlikely - the referer in each of these cases looks like a normal page view of the site. 我所看到的描述
Origin
标头可能设置为null
的唯一情况是,当Origin
是file:///
URL时,这似乎不太可能-在每种情况下,引用都看起来像是网站。
This question is related but this blog post explains the problem and solution. 这个问题是相关的,但是此博客文章解释了该问题和解决方案。
If you've seen this behavior in your application, you should be able to fix it by using “Content-Disposition: inline” and not “Content-Disposition: attachment”.
如果您已在应用程序中看到此行为,则应该能够使用“ Content-Disposition:inline”而不是“ Content-Disposition:Attachment”来修复它。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.