header referer 与 document.referrer 不同

Question

这是我的请求 header：

GET / HTTP/1.1
Host: localhost:3002
Connection: keep-alive
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="96", "Google Chrome";v="96"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
sec-ch-ua-platform: "Linux"
Accept: */*
Origin: http://127.0.0.1:5500
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: http://127.0.0.1:5500/new.html
Accept-Encoding: gzip, deflate, br
Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7
If-None-Match: W/"c-Lve95gjOVATpfV8EL5X4nxwjKHE"

Request URL: http://localhost:3002/
Request Method: GET
Status Code: 200 OK
Remote Address: [::1]:3002
Referrer Policy: unsafe-url

我的控制台返回 document.referrer 和 location.href：

document.referrer
'http://127.0.0.1:5500/test.html'
location.href
'http://127.0.0.1:5500/new.html'

测试.html：

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <meta name="referrer" content="unsafe-url"/>
    <title>Document</title>
</head>
<body>
    <a href="/new.html" target="_blank"  referrerpolicy="unsafe-url">test</a>

</html>

new.html

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <meta name="referrer" content="unsafe-url"/>
    <title>Document</title>
</head>
<body>
    <script>
        setTimeout(() =>{
            console.log(fetch("http://localhost:3002/"))
        }, 4000)
    
    </script>
</body>
</html>

如您所见，header referer 与 document.referrer 不同，甚至可以从上一页获取 referer 并将其设置为 referer header？

Answer 1

如您所见， header 引荐来源网址与 document.referrer 不同

因为您在不同文档中要求浏览器被不同文档引用的引用者。

浏览器要求/因为new.html告诉它要求它。 引用者是new.html 。

甚至可以从上一页获取referer并将其设置为referer header？

不，您不能让浏览器对引用它的内容撒谎。