request.getHeader("referer")，而不是返回按钮重新加载页面 [英] request.getHeader("referer"), than back button reload the page

问题描述

JSP1链接到JSP2.

JSP1 links to JSP2.

JSP2调用一个执行某些操作并以以下内容结尾的servlet:

JSP2 call a servlet that does some stuff and ends with:

response.sendRedirect(request.getHeader("referer"));
return;

这时，我回到JSP2. 问题在于，从那里按浏览器的后退按钮，页面只是重新加载自身，而不是返回JSP1. 这是正确的，因为sendRedirect在历史记录中添加了一个条目.

At this point I'm back to JSP2. The problem is that pressing the browser back button from there, the page simply reload itself instead of going back to JSP1. This is correct becouse the sendRedirect adds an entry to the history.

但是我想回到JSP1. 有提示吗?

But I want to go back to JSP1. Any tips?

推荐答案

出于各种敏感的原因，您根本不应在控制器操作中完全依赖引用标头.您已经发现至少一个.此标头并非总是由客户端发送的，或者它的值可能实际上并不代表真实的引荐来源.某些浏览器，代理甚至是防病毒配置可能会隐藏，更改甚至混淆引荐来源标头.出于统计目的，请最高使用它.

You shouldn't rely on the referrer header in controller actions at all for various sensitive reasons. You've already found out at least one. This header isn't always been sent by the client or its value may not actually represent the real referrer. Some browser, proxy and even anti-virus configurations may hide, change or even obfuscate the referrer header. Use it at highest for statistical purposes.

而是将from作为请求参数传递，

Rather pass the from as a request parameter instead,

<input type="hidden" name="from" value="${pageContext.request.requestURI}" />

具有这种逻辑(省略了验证)

with this logic (validation omitted)

response.sendRedirect(request.getParameter("from"));

或者，更好的是，如果它始终是基于其他请求参数的同一JSP，则只需在服务器端完全对其进行硬编码/配置.

Or, better, if it's always the one and same JSP based on other request parameters, just hardcode/configure it fully in the server side.

这篇关于request.getHeader("referer")，而不是返回按钮重新加载页面的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！