Safari移动设备和桌面设备隐藏了完整的引荐来源网址:为什么? [英] Safari mobile and desktop are hiding full referrer URL: why?
问题描述
我有一个网站, www.a.com
在该网站中,我在 https://www.a.com/mypage
上提供了一个包含以下内容的页面:
< script src ='https://www.b.com/anotherpage'></script>
如果我从每个浏览器访问, b.com
都会以http引荐来源网址收到该消息:
https://www.a.com/mypage
但是,如果我从Safari移动版或台式机访问,引荐来源网址为:
https://www.a.com/
为什么?如何强制Safari发送完整的引荐来源网址?
示例:
来自Safari,b.com日志:
123.45.678.901--[06/Jun/2020:00:32:03 +0200]"GET/anotherpage/HTTP/1.1" 200 0"https://www.a.com/""Mozilla/5.0(iPhone; CPU iPhone OS 13_4_1,例如Mac OS X)AppleWebKit/605.1.15(KHTML,例如Gecko)版本/13.1移动版/15E148 Safari/604.1"
从另一个浏览器:
123.45.678.901--[06/Jun/2020:00:31:34 +0200]"GET/anotherpage/HTTP/1.1" 200 0"https://www.a.com/mypage/" Mozilla/5.0(Windows NT 10.0; Win64; x64)AppleWebKit/537.36(KHTML,如Gecko)Chrome/83.0.4103.61 Safari/537.36
我尝试添加以下内容:
<元名称="referrer" content =不安全的网址">
或这个
<元名称="referrer" content =始终">
访问 https://www.a.com/mypage
的&head;
,但无济于事.
Safari中的错误行为(引荐来源网址仅设置为域,而没有URI)与 Prevent跨站点跟踪
已启用.设置:
<元名称=引荐来源网址"内容=降级时没有引荐来源人".< meta http-equiv ='Referrer-Policy'content ='no-referrer-when-downgrade'>
或在元素(iframe,脚本代码等)上设置 referrerPolicy =" no-referrer-when-downgrade"
不影响它.
请参见 https://www.arcolatheatre.com/disable-prevent-cross-site-tracking/
希望这对某人有帮助
I have a website, www.a.com
In that website, I serve a page at https://www.a.com/mypage
that contains this:
<script src='https://www.b.com/anotherpage'></script>
If I visit from every browser, b.com
will receive this as http referrer:
https://www.a.com/mypage
However, if I visit from Safari mobile or desktop, the referrer becomes:
https://www.a.com/
Why? How can I force Safari to send the full referrer?
Example:
from Safari, b.com logs:
123.45.678.901 - - [06/Jun/2020:00:32:03 +0200] "GET /anotherpage/ HTTP/1.1" 200 0 "https://www.a.com/" "Mozilla/5.0 (iPhone; CPU iPhone OS 13_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1 Mobile/15E148 Safari/604.1"
from another browser:
123.45.678.901 - - [06/Jun/2020:00:31:34 +0200] "GET /anotherpage/ HTTP/1.1" 200 0 "https://www.a.com/mypage/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"
I've tried adding this:
<meta name="referrer" content="unsafe-url">
or this
<meta name="referrer" content="always">
to the <head>
of https://www.a.com/mypage
but to no avail.
The incorrect behaviour in Safari (referrer being set to the domain only, without the URI), pertains to the fact that Prevent cross-site tracking
is enabled.
Setting:
<meta name="referrer" content="no-referrer-when-downgrade">
<meta http-equiv='Referrer-Policy' content='no-referrer-when-downgrade'>
or setting referrerPolicy="no-referrer-when-downgrade"
on the element (iframe, script tag, etc)
does not affect it.
See https://www.arcolatheatre.com/disable-prevent-cross-site-tracking/
Hope this helps someone,
这篇关于Safari移动设备和桌面设备隐藏了完整的引荐来源网址:为什么?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!