Safari移动设备和桌面设备隐藏了完整的引荐来源网址:为什么? [英] Safari mobile and desktop are hiding full referrer URL: why?

问题描述

我有一个网站， www.a.com

在该网站中，我在 https://www.a.com/mypage 上提供了一个包含以下内容的页面:

 < script src ='https://www.b.com/anotherpage'></script> 

如果我从每个浏览器访问， b.com 都会以http引荐来源网址收到该消息:

https://www.a.com/mypage

但是，如果我从Safari移动版或台式机访问，引荐来源网址为:

https://www.a.com/

为什么?如何强制Safari发送完整的引荐来源网址?

示例:

来自Safari，b.com日志:

  123.45.678.901--[06/Jun/2020:00:32:03 +0200]"GET/anotherpage/HTTP/1.1" 200 0"https://www.a.com/""Mozilla/5.0(iPhone； CPU iPhone OS 13_4_1，例如Mac OS X)AppleWebKit/605.1.15(KHTML，例如Gecko)版本/13.1移动版/15E148 Safari/604.1" 

从另一个浏览器:

  123.45.678.901--[06/Jun/2020:00:31:34 +0200]"GET/anotherpage/HTTP/1.1" 200 0"https://www.a.com/mypage/" Mozilla/5.0(Windows NT 10.0; Win64; x64)AppleWebKit/537.36(KHTML，如Gecko)Chrome/83.0.4103.61 Safari/537.36 

我尝试添加以下内容:

 <元名称="referrer" content =不安全的网址"> 

或这个

 <元名称="referrer" content =始终"> 

访问 https://www.a.com/mypage 的&head; ，但无济于事.

解决方案

Safari中的错误行为(引荐来源网址仅设置为域，而没有URI)与 Prevent跨站点跟踪已启用.设置:

 <元名称=引荐来源网址"内容＝降级时没有引荐来源人".< meta http-equiv ='Referrer-Policy'content ='no-referrer-when-downgrade'> 

或在元素(iframe，脚本代码等)上设置 referrerPolicy =" no-referrer-when-downgrade"

不影响它.

请参见 https://www.arcolatheatre.com/disable-prevent-cross-site-tracking/

希望这对某人有帮助

I have a website, www.a.com

In that website, I serve a page at https://www.a.com/mypage that contains this:

<script src='https://www.b.com/anotherpage'></script>

If I visit from every browser, b.com will receive this as http referrer:

https://www.a.com/mypage

However, if I visit from Safari mobile or desktop, the referrer becomes:

https://www.a.com/

Why? How can I force Safari to send the full referrer?

Example:

from Safari, b.com logs:

123.45.678.901 - - [06/Jun/2020:00:32:03 +0200] "GET /anotherpage/ HTTP/1.1" 200 0 "https://www.a.com/" "Mozilla/5.0 (iPhone; CPU iPhone OS 13_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1 Mobile/15E148 Safari/604.1"

from another browser:

123.45.678.901 - - [06/Jun/2020:00:31:34 +0200] "GET /anotherpage/ HTTP/1.1" 200 0 "https://www.a.com/mypage/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"

I've tried adding this:

<meta name="referrer" content="unsafe-url">

or this

<meta name="referrer" content="always">

to the <head> of https://www.a.com/mypage but to no avail.

解决方案

The incorrect behaviour in Safari (referrer being set to the domain only, without the URI), pertains to the fact that Prevent cross-site tracking is enabled. Setting:

<meta name="referrer" content="no-referrer-when-downgrade">
<meta http-equiv='Referrer-Policy' content='no-referrer-when-downgrade'>

or setting referrerPolicy="no-referrer-when-downgrade" on the element (iframe, script tag, etc)

does not affect it.

See https://www.arcolatheatre.com/disable-prevent-cross-site-tracking/

Hope this helps someone,

这篇关于Safari移动设备和桌面设备隐藏了完整的引荐来源网址:为什么?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！