Internet Explorer http referer问题 [英] Internet Explorer http referer issue
问题描述
似乎我遇到了Internet Explorer 7的问题。
我有一个html页面,其中包含指向另一台服务器上的文件的链接。我链接的服务器检查请求的引用者,如果引用者有效,它允许访问资源。它在firefox 2和3中运行正常(因为我的html页面所在的服务器是一个有效的引用程序)但在Internet Explorer中它不起作用,另一台服务器拒绝我的资源(生成一个http 403错误)。我正在做一些搜索并偶然发现这个 http://support.microsoft.com/kb/178066我已经尝试了https和http中的html页面和我连接的服务器相同的东西,但我没有得到任何Internet Explorer。我该怎么做才能解决这个问题?
it seems I have run into a problem with Internet Explorer 7. I have an html page that has links to files on another server. The server I am linking to checks the referrer of the request and if the referrer is valid, it allows access to the resource. It works fine in firefox 2 and 3 (as the server my html page is located on is a valid referer) but in internet explorer it doesn't work, the other server denies me the resource(generates an http 403 error). I was doing some searching and stumbled on this http://support.microsoft.com/kb/178066 and I have tried the html page in both https and http and same thing for the server I am connecting to but I get nothing Internet explorer. what can I do to work around this?
谢谢
推荐答案
无论如何,您可能想要使用不同的机制。推荐人很容易被欺骗。检查引用者确实不是一个好的安全解决方案,如果它们会让你头疼这样,也许你想找到另一种方式。
You may want to use a different mechanism anyway. Referrers are easily spoofed. Checking referrers really isn't a good security solution, and if they're going to cause you headaches like this, maybe you want to find another way.
例如,生成第一页的服务器可以向第二服务器的URL添加授权令牌,第二服务器可以检查令牌是否有效。这样,所有细节都在您的控制之下,您所依赖的唯一浏览器行为是将完整的URL发送到第二台服务器。
For example, the server generating the first page could add an authorization token to the URLs to the second server, and the second server could check that the tokens are valid. This way, all of the details are under your control, and the only browser behavior you're counting on is that the full URL is sent to the second server.
这篇关于Internet Explorer http referer问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
