在什么条件下由代理删除HTTP请求标头？ [英] Under what conditions are HTTP request headers removed by proxies?

问题描述

我正在研究RESTs版本化API的各种方法，并且有三个主要的竞争者。我相信我已经决定使用 X-API-Version 。抛开这个争论，反对使用该标头和一般自定义标头的一个论点是，您无法控制何时由代理服务器操纵标头。我很好奇这个实际的例子，当它发生在互联网上，或者它可能在内部网或服务器集群上使用时，或者它可能在任何其他情况下发生时。

I'm looking at various methods of RESTfully versioning APIs, and there are three major contenders. I believe I've all but settled on using X-API-Version. Putting that debate aside, one of the arguments against using that header, and custom headers in general, is that you can't control when headers are manipulated by proxy servers. I'm curious about what real-world examples there are of this, when it happens on the internet at large, or when it might be used on an intranet or server cluster, or when it might occur in any other situation.

推荐答案

Web内容转换代理指南1.0几乎是理解和预测符合标准的代理服务器行为的权威指南。就您的问题而言，代理转发请求部分该文件可能特别有用。

The Guidelines for Web Content Transformation Proxies 1.0 is pretty much the definitive guide to understanding and predicting standards-compliant proxy server behavior. In terms of your question, the Proxy Forwarding of Request portion of the document might be especially helpful.

每个代理软件包及其各自的配置都会有所不同，但HTTP代理通常应遵循W3C指南。以下是一些亮点。

Each proxy software package and their individual configurations will be vary but, HTTP proxies are generally expected to follow the W3C Guidelines. Here are some highlights.

4.1代理转发请求：

除了在HEAD和GET代理之间进行转换之外，不得改变请求方法。

Other than to convert between HEAD and GET proxies must not alter request methods.

如果请求包含Cache-Control：no-transform指令，则代理除了遵守[RFC 2616 HTTP]部分第14.9.5节和第13.5.2节中定义的透明HTTP行为以及添加头字段之外，不得更改请求，如下面4.1.6其他HTTP标头字段中所述。

If the request contains a Cache-Control: no-transform directive, proxies must not alter the request other than to comply with transparent HTTP behavior defined in [RFC 2616 HTTP] sections section 14.9.5 and section 13.5.2 and to add header fields as described in 4.1.6 Additional HTTP Header Fields below.

4.1.3处理非Web浏览器的请求者

在更改HTTP请求和响应的各个方面之前，代理需要考虑到HTTP被用作传统浏览以外的许多应用程序的传输机制这一事实。越来越多的基于浏览器的应用程序涉及使用XMLHttpRequest进行数据交换（参见4.2.8转换代理决策），并且此类交换的更改可能会导致误操作。

Before altering aspects of HTTP requests and responses proxies need to take account of the fact that HTTP is used as a transport mechanism for many applications other than "Traditional Browsing". Increasingly browser based applications involve exchanges of data using XMLHttpRequest (see 4.2.8 Proxy Decision to Transform) and alteration of such exchanges is likely to cause misoperation.

4.1.5 HTTP标头字段值的更改

除了[RFC]要求的修改2616 HTTP]代理应该不修改除用户代理，接受，接受字符集之外的标题字段的值strong>，接受编码和接受语言标题字段，不得删除标题字段（请参阅4.1.5.5原始标题字段）。

Other than the modifications required by [RFC 2616 HTTP] proxies should not modify the values of header fields other than the User-Agent, Accept, Accept-Charset, Accept-Encoding, and Accept-Language header fields and must not delete header fields (see 4.1.5.5 Original Header Fields).

除了遵守透明的HTTP操作之外，代理不应修改任何请求头字段，除非满足下列条件之一：

Other than to comply with transparent HTTP operation, proxies should not modify any request header fields unless one of the following applies:

• 禁止用户访问conten t由于服务器响应该请求是不可接受的（参见4.2.4服务器拒绝HTTP请求）;

• the user would be prohibited from accessing content as a result of the server responding that the request is "unacceptable" (see 4.2.4 Server Rejection of HTTP Request);

  用户已特别请求重构的桌面体验（参见4.1.5.3用户选择重组体验）;

  the user has specifically requested a restructured desktop experience (see 4.1.5.3 User Selection of Restructured Experience);

  请求是包含所包含资源或链接资源的一系列请求的一部分在同一个网站上（见4.1.5.4请求顺序）。

  the request is part of a sequence of requests comprising either included resources or linked resources on the same Web site (see 4.1.5.4 Sequence of Requests).

  以下各节详细介绍了这些情况。

  These circumstances are detailed in the following sections.

  注意：

  
  

  强调如果存在Cache-Control，则不得更改请求：请求中的4.1.2 no-transform指令中描述的无变换。

  It is emphasized that requests must not be altered in the presence of Cache-Control: no-transform as described under 4.1.2 no-transform directive in Request.

  引用的URI请求不参与确定是否更改HTTP请求标头字段值。特别是4.2.8转换代理决策中提到的模式不重要。

  The URI referred to in the request plays no part in determining whether or not to alter HTTP request header field values. In particular the patterns mentioned in 4.2.8 Proxy Decision to Transform are not material.

  4.1.6其他HTTP标头字段

  无论是否存在无变换指令：

  Irrespective of the presence of a no-transform directive:

  
  

  • 代理应该将请求的发起者的IP地址添加到X-Forwarded-For HTTP头字段中逗号分隔列表的末尾;

  • proxies should add the IP address of the initiator of the request to the end of a comma separated list in an X-Forwarded-For HTTP header field;

  代理必须（根据RFC 2616）包含一个Via HTTP头字段（参见4.1.6.1 Via Header字段的代理处理）。

  proxies must (in accordance with RFC 2616) include a Via HTTP header field (see 4.1.6.1 Proxy Treatment of Via Header Field).

  还有很多关于响应标题更改的信息，并且能够检测到这些变化。

  There is also lots of information regarding the alteration of response headers and being able to detect those changes.

  对于Web服务REST API版本控制，在 API版本化的最佳实践中，有一个非常清晰且有用的SO线程？应提供丰富的有用见解。

  As for web service REST API versioning, there is a very lucid and useful SO thread at Best practices for API versioning? that should provide a wealth of helpful insight.

  我希望所有这一切都有帮助。小心。

  I hope all of this helps. Take care.

  这篇关于在什么条件下由代理删除HTTP请求标头？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！