在什么情况下，代理会移除 HTTP 请求头? [英] Under what conditions are HTTP request headers removed by proxies?

问题描述

我正在研究 RESTfully 版本控制 API 的各种方法，并且有三个主要的竞争者.我相信我几乎已经决定使用 X-API-Version.抛开争论不谈，反对使用该标头和一般自定义标头的论据之一是您无法控制代理服务器何时操纵标头.我很好奇有哪些现实世界的例子，当它发生在整个互联网上，或者它可能用于内部网或服务器集群时，或者它可能发生在任何其他情况下.

I'm looking at various methods of RESTfully versioning APIs, and there are three major contenders. I believe I've all but settled on using X-API-Version. Putting that debate aside, one of the arguments against using that header, and custom headers in general, is that you can't control when headers are manipulated by proxy servers. I'm curious about what real-world examples there are of this, when it happens on the internet at large, or when it might be used on an intranet or server cluster, or when it might occur in any other situation.

推荐答案

Web 内容指南Transformation Proxies 1.0 几乎是理解和预测符合标准的代理服务器行为的权威指南.就您的问题而言，请求的代理转发部分文档可能特别有用.

The Guidelines for Web Content Transformation Proxies 1.0 is pretty much the definitive guide to understanding and predicting standards-compliant proxy server behavior. In terms of your question, the Proxy Forwarding of Request portion of the document might be especially helpful.

每个代理软件包及其各自的配置都会有所不同，但 HTTP 代理通常应遵循 W3C 指南.以下是一些亮点.

Each proxy software package and their individual configurations will be vary but, HTTP proxies are generally expected to follow the W3C Guidelines. Here are some highlights.

4.1 请求的代理转发:

除了在 HEAD 和 GET 代理之间进行转换外，不得更改请求方法.

Other than to convert between HEAD and GET proxies must not alter request methods.

如果请求包含 Cache-Control: no-transform 指令，除了遵守 [RFC 2616 HTTP] 部分第 14.9.5 节和第 13.5.2 节中定义的透明 HTTP 行为以及添加标头字段，如以下 4.1.6 附加 HTTP 标头字段中所述.

If the request contains a Cache-Control: no-transform directive, proxies must not alter the request other than to comply with transparent HTTP behavior defined in [RFC 2616 HTTP] sections section 14.9.5 and section 13.5.2 and to add header fields as described in 4.1.6 Additional HTTP Header Fields below.

4.1.3 非网络浏览器请求者的处理

在更改 HTTP 请求和响应代理的各个方面之前，需要考虑这样一个事实，即 HTTP 被用作除传统浏览"以外的许多应用程序的传输机制.越来越多的基于浏览器的应用程序涉及使用 XMLHttpRequest 交换数据(请参阅 4.2.8 转换的代理决策)，并且此类交换的更改可能会导致误操作.

Before altering aspects of HTTP requests and responses proxies need to take account of the fact that HTTP is used as a transport mechanism for many applications other than "Traditional Browsing". Increasingly browser based applications involve exchanges of data using XMLHttpRequest (see 4.2.8 Proxy Decision to Transform) and alteration of such exchanges is likely to cause misoperation.

4.1.5 更改 HTTP 标头字段值

除了 [RFC 2616 HTTP] 要求的修改之外，代理应该不修改除User-Agent、接受之外的标头字段的值strong>、Accept-Charset、Accept-Encoding 和 Accept-Language 标头字段和不得删除标头字段(请参阅 4.1.5.5 原始标题字段).

Other than the modifications required by [RFC 2616 HTTP] proxies should not modify the values of header fields other than the User-Agent, Accept, Accept-Charset, Accept-Encoding, and Accept-Language header fields and must not delete header fields (see 4.1.5.5 Original Header Fields).

除了遵守透明的 HTTP 操作外，代理不应修改任何请求标头字段，除非以下情况之一适用:

Other than to comply with transparent HTTP operation, proxies should not modify any request header fields unless one of the following applies:

• 由于服务器响应请求不可接受"，用户将被禁止访问内容(参见 4.2.4 服务器拒绝 HTTP 请求)；

  • the user would be prohibited from accessing content as a result of the server responding that the request is "unacceptable" (see 4.2.4 Server Rejection of HTTP Request);

    用户明确要求重构桌面体验(参见 4.1.5.3 重构体验的用户选择)；

    the user has specifically requested a restructured desktop experience (see 4.1.5.3 User Selection of Restructured Experience);

    请求是请求序列的一部分，包括同一网站上包含的资源或链接的资源(请参阅 4.1.5.4 请求序列).

    the request is part of a sequence of requests comprising either included resources or linked resources on the same Web site (see 4.1.5.4 Sequence of Requests).

    以下部分详细介绍了这些情况.

    These circumstances are detailed in the following sections.

    注意:

    需要强调的是，在存在 Cache-Control: no-transform 的情况下，不得更改请求，如 Request 中 4.1.2 no-transform 指令所述.

    It is emphasized that requests must not be altered in the presence of Cache-Control: no-transform as described under 4.1.2 no-transform directive in Request.

    请求中引用的 URI 不参与确定是否更改 HTTP 请求标头字段值.特别是 4.2.8 Proxy Decision to Transform 中提到的模式并不重要.

    The URI referred to in the request plays no part in determining whether or not to alter HTTP request header field values. In particular the patterns mentioned in 4.2.8 Proxy Decision to Transform are not material.

    4.1.6 附加 HTTP 标头字段

    无论是否存在无转换指令:

    Irrespective of the presence of a no-transform directive:

    • 代理应在 X-Forwarded-For HTTP 标头字段中以逗号分隔的列表末尾添加请求发起者的 IP 地址；

    • proxies should add the IP address of the initiator of the request to the end of a comma separated list in an X-Forwarded-For HTTP header field;

    代理必须(根据 RFC 2616)包括 Via HTTP 标头字段(请参阅 4.1.6.1 代理处理 Via 标头字段).

    proxies must (in accordance with RFC 2616) include a Via HTTP header field (see 4.1.6.1 Proxy Treatment of Via Header Field).

    还有很多关于响应标头更改以及能够检测到这些更改的信息.

    There is also lots of information regarding the alteration of response headers and being able to detect those changes.

    至于 Web 服务 REST API 版本控制，API 版本控制的最佳实践? 这应该会提供大量有用的见解.

    As for web service REST API versioning, there is a very lucid and useful SO thread at Best practices for API versioning? that should provide a wealth of helpful insight.

    我希望所有这些都会有所帮助.保重.

    I hope all of this helps. Take care.

    这篇关于在什么情况下，代理会移除 HTTP 请求头?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！