Chrome不会发送"if-none-match"HTTPS中的标头(但以HTTP发送) [英] Chrome doesn't send "if-none-match" header in HTTPS (but sends it in HTTP)

问题描述

tl; dr:Chrome不会发送"If-None-Match"HTTPS请求的标头，但发送HTTP请求的标头.Firefox始终以HTTPS和HTTP发送"If-None-Match".

当我遇到Chrome的怪异行为时，我正在尝试为节点服务器优化Cookie管理.我将尝试对其进行描述，并将其与Firefox进行比较.

首先，这是我用来测试此服务器的 HTTP 节点服务器:

 <代码>#！/usr/bin/env节点使用严格"；const express = require('express');const cors = require('cors');const compression = require('compression');const pathUtils = require('path');const fs = require('fs');const http = require('http');让app = express();app.disable('x-powered by');app.use(函数(req，res，next){res.set('Cache-control'，'no-cache');console.log(req.headers);下一个();});app.use(express.json({limit:'50mb'}));app.use(cors());app.use(compression({}));让服务器= http.createServer(app);app.get('/api/test'，(req，res)=> {res.status(200).send(fs.readFileSync(pathUtils.join(__ dirname，'dummy.txt'))));});server.listen(1234); 

还有客户端代码:

 <！DOCTYPE html>< html lang ="en">< head><元字符集="UTF-8"；/>< meta http-equiv =与X-UA兼容"；content ="IE = edge"/><元名称=视口"内容＝宽度＝设备宽度，初始比例＝ 1.0."/>< title>文档</title></head><身体>< script>let test = fetch('http://localhost:1234/api/test'，{模式:'no-cors'}).then((res)=> {返回res.text();}).then((resText)=> console.log(resText));</script></body></html> 

我使用标头"no-cache"强制客户端重新验证响应.如果我正确理解了缓存的工作方式，则希望客户端发送带有"If-None-Match"的请求.标头具有上一个请求的电子标签，并且服务器以304代码进行响应.

这是我在Firefox中刷新页面时的结果(因此至少已经收到一个响应).我嵌入了请求标头的服务器日志.在此，标题"If-None-Match"是是按客户要求发送的.

现在，使用Chrome进行相同的测试可以得出:

好吧，这里的Chrome显示了200个响应代码，但实际上，它是服务器发送的304个响应，这是该Wireshark捕获所显示的:

如您所见，Chrome会发送"If-None-Match"标头带有正确的电子标签，因此响应为304.

现在，让我们使用HTTPS尝试一下.在服务器代码中，我只是将 require('http'); 替换为 require('https')，然后将我的ssl密钥传递给 createServer 选项(如

我包括了wireshark捕获.如您所见，一切正常，Firefox具有预期的行为.

现在让我们看看Chrome的情况:

这是我的问题:如您所见，"If-None-Match"不是由Chrome发送的.因此，如预期的那样，服务器将返回200响应，这可以在Wireshark捕获中看到(我刷新了页面两次，这就是为什么有2个交换的原因).

有人知道Chrome为什么会有这种奇怪的行为吗?

解决方案

我认为这是因为您没有在设置本地主机的证书中设置的.

转到设置并添加它:)

Chrome设置捕获

tl;dr: Chrome is not sending "If-None-Match" header for HTTPS request but sends it for HTTP request. Firefox always send "If-None-Match", both in HTTPS and HTTP.

I was trying to optimize cookies management for my node server when I came across a weird behavior with Chrome. I will try to describe it and compare it with Firefox.

First, here is the HTTP node server I'm using to test this:

#!/usr/bin/env node

'use strict';

const express = require('express');
const cors = require('cors');
const compression = require('compression');
const pathUtils = require('path');
const fs = require('fs');

const http = require('http');
let app = express();
app.disable('x-powered-by');
app.use(function (req, res, next) {
    res.set('Cache-control', 'no-cache');
    console.log(req.headers);
    next();
});

app.use(express.json({ limit: '50mb' }));
app.use(cors());
app.use(compression({}));

let server = http.createServer(app);

app.get('/api/test', (req, res) => {
    res.status(200).send(fs.readFileSync(pathUtils.join(__dirname, 'dummy.txt')));
});

server.listen(1234);

And there the client code :

<!DOCTYPE html>
<html lang="en">
    <head>
        <meta charset="UTF-8" />
        <meta http-equiv="X-UA-Compatible" content="IE=edge" />
        <meta name="viewport" content="width=device-width, initial-scale=1.0" />
        <title>Document</title>
    </head>
    <body>
        <script>
            let test = fetch('http://localhost:1234/api/test', { mode: 'no-cors' })
                .then((res) => {
                    return res.text();
                })
                .then((resText) => console.log(resText));
        </script>
    </body>
</html>

I use the header "no-cache" to force the client to re-validate the response. If I've understood correctly how the cache work, I'm expecting client to send the request with the "If-None-Match" header having the previous request's e-tag and the server responding with a 304 code.

Here is the result when I refresh the page in Firefox (so at least one response has already be received). I embedded the server log of the request header. Here the header "If-None-Match" is sent by the client request, as expected.

Now the same test with Chrome gives :

Well, here Chrome shows a 200 response code, but under the hood, it's really a 304 response that is sent by the server, which is shown by this wireshark capture :

As you can see, Chrome send the "If-None-Match" header with the correct e-tag, hence the 304 response.

So now, let's try this with HTTPS. In the server code, I just replaced require('http'); by require('https') and pass my ssl keys in createServer options (as described here)

So first, Firefox behaviour:

I've included the wireshark capture. And as you can see, everything is right, Firefox has the expected behaviour.

Now let's see the same thing with Chrome :

Here is my problem : as you can see, "If-None-Match" is not sent by Chrome. So as expected, the server returns a 200 response which can be seen in the wireshark capture (I refreshed the page twice, that's why there are 2 exchanges).

Do anyone have an idea on why Chrome has this weird behaviour?

解决方案

I think it happened because you didn't set in your setting the certificat of your localhost.

Go to the settings and add it :)

chrome settings capture

这篇关于Chrome不会发送"if-none-match"HTTPS中的标头(但以HTTP发送)的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！