从网址中删除尾部斜杠始终是安全的吗？ [英] Is it always safe to remove a trailing slash from a URL?

问题描述

我在数据库中存储网址，我想知道两个网址是否相同。

I'm storing URLs in a database, and I want to be able to know if two URLs are identical.

一般来说，尾部的斜杠不改变你从服务器得到的响应。 （即 http://www.google.com/ 与 http://www.google.com ）

Generally, a trailing slash at the end doesn't change the response you'd get from a server. (ie. http://www.google.com/ is the same as http://www.google.com)

我可以随时移除来自任何URL的尾部斜杠，而不查看任何内容？

是否安全？

Can I always blindly remove the trailing slash from any URL, without looking at anything?
Is that safe?

不看任何东西我从中删除斜杠：

http： //www.google.com/q?xxx=something&yyy=something/

What I mean by "without looking at anything" is that I'd remove the slash from:
http://www.google.com/q?xxx=something&yyy=something/

我知道网络服务器可以理论上返回完全不同的东西，如果它想要，我知道有时去一个网址没有斜杠将重定向到一个斜杠。我只想在这里确定两个网址是否相同。

I know the web server could theoretically return completely different things if it wanted, and I know sometimes going to a URL without the slash will redirect to one with the slash. My only intention here is determining if both URLs are the same.

这种方法是否安全？

推荐答案

不是总是安全的。 Web服务器可以解释URL喜欢的URL的路径部分。您无法在网址上使用GET或HEAD，因此无法知道该做什么（解析URI）。

No it is not always safe. A web server could interpret the path part of the URL anyway it likes. You cannot tell what it will do (resolve the URI) without using a GET or HEAD on the URL.

这篇关于从网址中删除尾部斜杠始终是安全的吗？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！