从网址中删除尾部斜杠始终是安全的吗? [英] Is it always safe to remove a trailing slash from a URL?
问题描述
我在数据库中存储网址,我想知道两个网址是否相同。
I'm storing URLs in a database, and I want to be able to know if two URLs are identical.
一般来说,尾部的斜杠不改变你从服务器得到的响应。 (即 http://www.google.com/ 与 http://www.google.com )
Generally, a trailing slash at the end doesn't change the response you'd get from a server. (ie. http://www.google.com/ is the same as http://www.google.com)
我可以随时移除来自任何URL的尾部斜杠,而不查看任何内容?
是否安全?
Can I always blindly remove the trailing slash from any URL, without looking at anything?
Is that safe?
不看任何东西我从中删除斜杠:
http: //www.google.com/q?xxx=something&yyy=something/
What I mean by "without looking at anything" is that I'd remove the slash from:
http://www.google.com/q?xxx=something&yyy=something/
我知道网络服务器可以理论上返回完全不同的东西,如果它想要,我知道有时去一个网址没有斜杠将重定向到一个斜杠。我只想在这里确定两个网址是否相同。
I know the web server could theoretically return completely different things if it wanted, and I know sometimes going to a URL without the slash will redirect to one with the slash. My only intention here is determining if both URLs are the same.
这种方法是否安全?
推荐答案
不是总是安全的。 Web服务器可以解释URL喜欢的URL的路径部分。您无法在网址上使用GET或HEAD,因此无法知道该做什么(解析URI)。
No it is not always safe. A web server could interpret the path part of the URL anyway it likes. You cannot tell what it will do (resolve the URI) without using a GET or HEAD on the URL.
这篇关于从网址中删除尾部斜杠始终是安全的吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!