Chrome不会发送"if-none-match"HTTPS中的标头(但以HTTP发送) [英] Chrome doesn't send "if-none-match" header in HTTPS (but sends it in HTTP)
问题描述
tl; dr:Chrome不会发送"If-None-Match"HTTPS请求的标头,但发送HTTP请求的标头.Firefox始终以HTTPS和HTTP发送"If-None-Match".
当我遇到Chrome的怪异行为时,我正在尝试为节点服务器优化Cookie管理.我将尝试对其进行描述,并将其与Firefox进行比较.
首先,这是我用来测试此服务器的 HTTP 节点服务器:
<代码>#!/usr/bin/env节点使用严格";const express = require('express');const cors = require('cors');const compression = require('compression');const pathUtils = require('path');const fs = require('fs');const http = require('http');让app = express();app.disable('x-powered by');app.use(函数(req,res,next){res.set('Cache-control','no-cache');console.log(req.headers);下一个();});app.use(express.json({limit:'50mb'}));app.use(cors());app.use(compression({}));让服务器= http.createServer(app);app.get('/api/test',(req,res)=> {res.status(200).send(fs.readFileSync(pathUtils.join(__ dirname,'dummy.txt'))));});server.listen(1234);
还有客户端代码:
<!DOCTYPE html>< html lang ="en">< head><元字符集="UTF-8";/>< meta http-equiv =与X-UA兼容";content ="IE = edge"/><元名称=视口"内容=宽度=设备宽度,初始比例= 1.0."/>< title>文档</title></head><身体>< script>let test = fetch('http://localhost:1234/api/test',{模式:'no-cors'}).then((res)=> {返回res.text();}).then((resText)=> console.log(resText));</script></body></html>
我使用标头"no-cache"强制客户端重新验证响应.如果我正确理解了缓存的工作方式,则希望客户端发送带有"If-None-Match"的请求.标头具有上一个请求的电子标签,并且服务器以304代码进行响应.
这是我在Firefox中刷新页面时的结果(因此至少已经收到一个响应).我嵌入了请求标头的服务器日志.在此,标题"If-None-Match"是是按客户要求发送的.
现在,使用Chrome进行相同的测试可以得出:
好吧,这里的Chrome显示了200个响应代码,但实际上,它是服务器发送的304个响应,这是该Wireshark捕获所显示的:
如您所见,Chrome会发送"If-None-Match"标头带有正确的电子标签,因此响应为304.
现在,让我们使用HTTPS尝试一下.在服务器代码中,我只是将 require('http');
替换为 require('https')
,然后将我的ssl密钥传递给 createServer
选项(如
我包括了wireshark捕获.如您所见,一切正常,Firefox具有预期的行为.
现在让我们看看Chrome的情况:
这是我的问题:如您所见,"If-None-Match"不是由Chrome发送的.因此,如预期的那样,服务器将返回200响应,这可以在Wireshark捕获中看到(我刷新了页面两次,这就是为什么有2个交换的原因).
有人知道Chrome为什么会有这种奇怪的行为吗?
我认为这是因为您没有在设置本地主机的证书中设置的.
转到设置并添加它:)
tl;dr: Chrome is not sending "If-None-Match" header for HTTPS request but sends it for HTTP request. Firefox always send "If-None-Match", both in HTTPS and HTTP.
I was trying to optimize cookies management for my node server when I came across a weird behavior with Chrome. I will try to describe it and compare it with Firefox.
First, here is the HTTP node server I'm using to test this:
#!/usr/bin/env node
'use strict';
const express = require('express');
const cors = require('cors');
const compression = require('compression');
const pathUtils = require('path');
const fs = require('fs');
const http = require('http');
let app = express();
app.disable('x-powered-by');
app.use(function (req, res, next) {
res.set('Cache-control', 'no-cache');
console.log(req.headers);
next();
});
app.use(express.json({ limit: '50mb' }));
app.use(cors());
app.use(compression({}));
let server = http.createServer(app);
app.get('/api/test', (req, res) => {
res.status(200).send(fs.readFileSync(pathUtils.join(__dirname, 'dummy.txt')));
});
server.listen(1234);
And there the client code :
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>Document</title>
</head>
<body>
<script>
let test = fetch('http://localhost:1234/api/test', { mode: 'no-cors' })
.then((res) => {
return res.text();
})
.then((resText) => console.log(resText));
</script>
</body>
</html>
I use the header "no-cache" to force the client to re-validate the response. If I've understood correctly how the cache work, I'm expecting client to send the request with the "If-None-Match" header having the previous request's e-tag and the server responding with a 304 code.
Here is the result when I refresh the page in Firefox (so at least one response has already be received). I embedded the server log of the request header. Here the header "If-None-Match" is sent by the client request, as expected.
Now the same test with Chrome gives :
Well, here Chrome shows a 200 response code, but under the hood, it's really a 304 response that is sent by the server, which is shown by this wireshark capture :
As you can see, Chrome send the "If-None-Match" header with the correct e-tag, hence the 304 response.
So now, let's try this with HTTPS. In the server code, I just replaced require('http');
by require('https')
and pass my ssl keys in createServer
options (as described here)
So first, Firefox behaviour:
I've included the wireshark capture. And as you can see, everything is right, Firefox has the expected behaviour.
Now let's see the same thing with Chrome :
Here is my problem : as you can see, "If-None-Match" is not sent by Chrome. So as expected, the server returns a 200 response which can be seen in the wireshark capture (I refreshed the page twice, that's why there are 2 exchanges).
Do anyone have an idea on why Chrome has this weird behaviour?
I think it happened because you didn't set in your setting the certificat of your localhost.
Go to the settings and add it :)
这篇关于Chrome不会发送"if-none-match"HTTPS中的标头(但以HTTP发送)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!