Node.js中的欺骗来源标头 [英] Spoof Origin header in Node.js

问题描述

我有一个运行express的node.js服务器.我正在尝试为此编写一些测试，以便将来在其他人可以使用它时确认标准行为.服务器专门处理请求的标头，引荐来源和原始字段.使用Jquery的ajax方法，我能够将ajax请求发送到服务器.我发现我可以设置引荐来源网址字段.但是，我似乎无法设置原点.有什么方法可以欺骗node.js中的源?

I have a node.js server running express. I'm trying to write several tests for it in order to confirm standard behavior in the future when someone else may work on it. The server processes the request's header, the referrer and origin fields specifically. Using Jquery's ajax method, I was able to send ajax requests to the server. I found that I was able to set the referrer field. However, I can't seem to set the origin. Is there any way to spoof the origin in node.js?

为了澄清起见，我不是通过浏览器运行此代码，而是通过命令行运行.通常，ajax调用将在网页上运行，但是由于我正在编写要从Mocha运行的测试，因此未设置源.

For clarification, I'm not running this code through a browser, but from the command line. Normally the ajax call would be run from a webpage, but as I'm writing tests to be run from Mocha, the origin isn't set.

推荐答案

由于安全原因，浏览器不允许您手动设置请求来源.要欺骗您的请求来源，您必须将请求设置为服务器端:

Due to security reasons, the browser will not allow you to manually set your request origins. To spoof your request origin, you will have to make the request server-side:

var http = require('http');

var opt = {
    host: 'yoursite.com',
    path: '/test',
    headers: { origin: 'http://spoofedorigin.com'}
};

http.get( opt );

这篇关于Node.js中的欺骗来源标头的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！