HTTP推荐人陷入困境?
我需要确保我的网页始终位于第三方拥有的iframe中。第三方使用src =../ index.php引用我们的目标网页。
I need to ensure that my webpage is always within an iframe owned by a 3rd party. This third party refers to our landing page using src="../index.php".
现在我的问题是,如果我使用引荐来源确保页面是我自己或第三方请求的,如果不强制重新加载第三方网站,我应该注意哪些大问题?
Now my question is, if I make use of referrer to ensure that the page was requested by either myself or from the third party and if not force a reload of the 3rd party site, are there any big gotchas I should be aware of?
For例如,是否有某些常见浏览器不遵循引荐规则?
For example, are there certain common browsers that don't follow the referrer rules?
谢谢。
不需要推荐人。如果浏览器没有提供它,那么你将进入一个无限的重定向循环。推荐人实际上是自愿的,就像cookies,java和javascript一样。
Referrers are not required. If a browser doesn't supply it then you'll get yourself into an endless redirect loop. Referrer is effectively "voluntary" just like cookies, java, and javascript.
虽然。你可以记录IP&上次重定向的时间。修剪日志超过5分钟的日志,并且每5分钟不会重定向一次以上。你应该抓住99.9%的用户,但要避免其余的重定向循环。日志不能依赖于浏览器中的任何内容(这是原始问题),因此没有cookie和没有会话。一个简单的2列数据库表就足够了。
Although. You could keep a log of IP & time last redirected. Prune the logs for anything over 5 minutes old and never redirect more than once per 5 minutes. You should catch 99.9% of users out there but avoid an infinite redirect loop for the rest. The log cannot rely on anything in the browser (that's the original problem) so no cookie and no session. A simple 2-column database table should suffice.