req.headers.origin未定义 [英] req.headers.origin is undefined
问题描述
Node and Express的新手.我有一个sails.js应用程序,它依赖于知道请求的来源,因为我需要验证请求来自于已注册的域.
Fairly new to Node and Express. I have a sails.js app that relies on knowing the origin of a request as I need to authenticate the request is coming from a domain that is registered.
我在日志中看到原点有时是空的,为什么会这样呢?依靠origin属性不是一个好主意,还有其他选择吗?
I've seen in the logs that the origin is empty occasionally, why would this be happening? Is it not a good idea to rely on the origin property, is there another option?
谢谢
推荐答案
如果用户来自ssl加密网站,则可能隐藏了来源.
The origin may be hidden if the user comes from an ssl encrypted website.
另外:某些浏览器扩展程序从http-request标头中删除了原始和引用,因此origin属性将为空.
Also: Some browser extensions remove origin and referer from the http-request headers, and therefore the origin property will be empty.
您可能想要创建某种身份验证令牌并将其作为参数传递,而不是依赖于请求标头.尤其是因为标头可以被伪造/操纵.
You might want to create some sort of authentication token and pass it as a parameter, instead on relying on request headers. Especially since the headers can be faked/manipulated.
这篇关于req.headers.origin未定义的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!