req.headers.origin未定义 [英] req.headers.origin is undefined

问题描述

Node and Express的新手.我有一个sails.js应用程序，它依赖于知道请求的来源，因为我需要验证请求来自于已注册的域.

Fairly new to Node and Express. I have a sails.js app that relies on knowing the origin of a request as I need to authenticate the request is coming from a domain that is registered.

我在日志中看到原点有时是空的，为什么会这样呢?依靠origin属性不是一个好主意，还有其他选择吗?

I've seen in the logs that the origin is empty occasionally, why would this be happening? Is it not a good idea to rely on the origin property, is there another option?

谢谢

推荐答案

如果用户来自ssl加密网站，则可能隐藏了来源.

The origin may be hidden if the user comes from an ssl encrypted website.

另外:某些浏览器扩展程序从http-request标头中删除了原始和引用，因此origin属性将为空.

Also: Some browser extensions remove origin and referer from the http-request headers, and therefore the origin property will be empty.

您可能想要创建某种身份验证令牌并将其作为参数传递，而不是依赖于请求标头.尤其是因为标头可以被伪造/操纵.

You might want to create some sort of authentication token and pass it as a parameter, instead on relying on request headers. Especially since the headers can be faked/manipulated.

这篇关于req.headers.origin未定义的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！