为什么Firefox不总是发送POST请求的HTTP Origin标头? [英] Why does Firefox not always send the HTTP Origin header for POST requests?
问题描述
我在 https://www.drupal.org/node探索将HTTP Origin检查作为Drupal的CSRF保护的想法/ 1803712
现在我正在测试Origin头文件是如何到达POST请求的,但是Firefox并没有在用户登录表单提交时发送Origin头文件。 Chromium和Chrome工作正常,他们发送Origin头。
Firefox版本是36.0.1。我还测试了一个干净的Firefox安装,因为我想也许我的一些浏览器插件压制Origin头,但没有运气 - 也没有原始标题。
文档页面描述了什么时候Firefox发送Origin头文件,什么时候没有?
是尚未实现。这里有一个讨论: https://bugzilla.mozilla.org/show_bug.cgi?id= 446344
I'm exploring the idea of HTTP Origin checks as CSRF protection for Drupal at https://www.drupal.org/node/1803712
Now I was testing how the Origin header arrives with a POST request, but Firefox does not send the Origin header on the user login form submission. Chromium and Chrome work fine, they send the Origin header.
Firefox version is 36.0.1. I also tested with a clean Firefox installation because I thought maybe some of my browser plugins suppress the Origin header, but no luck - no Origin header there either.
Is there a documentation page that describes when Firefox sends the Origin header and when not?
Is isn't implemented yet. There's a discussion here: https://bugzilla.mozilla.org/show_bug.cgi?id=446344
这篇关于为什么Firefox不总是发送POST请求的HTTP Origin标头?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!