Can the "x-requested-with" HTTP header be spoofed?

Question

My research shows that only the Host, Referer, and User-Agent headers can be spoofed. (source)

Is this a correct assumption to make? The security of a site I am building may require that "x-requested-with" cannot be faked. This is far from ideal but may be the only avenue I have.

Recommended answer

Just about anything in HTTP can be spoofed. The level of 'spoofability' is hard to determine. It's fairly trivial to craft a request with any header value I desire.

If it's your only option, so be it, but I wouldn't want to use a site that relied on it for anything important.
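To make the answer's point concrete, the following added example (not part of the original question or answer) compares a server-side check that trusts "x-requested-with" with one that requires a server-minted, session-bound token. The `X-CSRF-Token` header name, the secret, the session ids and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

# Assumption: a per-deployment secret known only to the server (constructed value).
SERVER_SECRET = b"constructed-demo-secret"


def header_only_check(headers):
    """Weak check: the value is chosen entirely by whoever sends the request."""
    return headers.get("X-Requested-With") == "XMLHttpRequest"


def issue_token(session_id):
    """Server side: mint a token bound to one session with HMAC-SHA256."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def token_check(headers, session_id):
    """Stronger check: the request must carry a value only the server could mint."""
    supplied = headers.get("X-CSRF-Token", "")
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(supplied, issue_token(session_id))


# Constructed sample requests, as header dicts a server framework would expose.
browser_ajax = {
    "X-Requested-With": "XMLHttpRequest",
    "X-CSRF-Token": issue_token("session-A"),
}
# Any HTTP client can set the same header; the server sees no difference.
hand_built = {"X-Requested-With": "XMLHttpRequest"}


def evaluate():
    """Return (browser_ajax result, hand_built result) for each check."""
    return {
        "header_only": (header_only_check(browser_ajax), header_only_check(hand_built)),
        "token": (token_check(browser_ajax, "session-A"),
                  token_check(hand_built, "session-A")),
    }


if __name__ == "__main__":
    print(evaluate())
```

The token ties a request to a session the server issued; it still does not prove which program sent the request, so authorization has to rest on the authenticated session rather than on any request header.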

09-18 19:30