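I am writing an HTTP proxy server, and I noticed that many clients use the "Connection: Keep-Alive" header to keep persistent connections. Is it possible for a client to send another HTTP request before the server has processed the first HTTP request?
For example, the client sends "GET / HTTP/1.1", but before the server has a chance to respond, the client sends "GET /favicon.ico HTTP/1.1". Is that possible? Or will the client wait for the response before sending the second request?
Also, when using persistent connections, is it safe to assume that all requests through that connection will have the same "Host:" header?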
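Best answer
"Also, when using persistent connections, is it safe to assume that all requests through that connection will have the same "Host:" header?"
I don't think so, see HTTPbis P1, Section 2.2: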
Recipients MUST consider every message in a connection in isolation; because HTTP is a stateless protocol, it cannot be assumed that two requests on the same connection are from the same client or share any other common attributes. In particular, intermediaries might mix requests from different clients into a single server connection. Note that some existing HTTP extensions (e.g., [RFC4559]) violate this requirement, thereby potentially causing interoperability and security problems.
Regarding http - Can a persistent HTTP client send multiple requests at once?, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/8028303/
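Added example, not part of the original question or answer: a proxy-side sketch that treats every request in a connection buffer in isolation, as the quoted text requires, taking the routing host from each request's own Host header instead of caching it per connection. The function names and the sample bytes are constructed for illustration; the sketch assumes every request carries Host and rejects chunked bodies rather than parsing them.

```python
CRLF2 = b"\r\n\r\n"

def parse_head(head: bytes):
    """Parse one request head into (method, target, headers)."""
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        # No colon, empty name, or whitespace around the name: reject.
        if not sep or not name or name != name.strip():
            raise ValueError("malformed header line")
        key = name.lower()
        # Ambiguous routing or framing headers are refused, not guessed at.
        if key in ("host", "content-length") and key in headers:
            raise ValueError("duplicate %s header" % key)
        headers[key] = value.strip()
    return method, target, headers

def split_pipelined(buf: bytes):
    """Return ([(method, target, host), ...], leftover_bytes) for one buffer."""
    requests = []
    while True:
        end = buf.find(CRLF2)
        if end < 0:
            return requests, buf      # incomplete head: wait for more bytes
        method, target, headers = parse_head(buf[:end])
        if "transfer-encoding" in headers:
            raise ValueError("chunked bodies are not handled in this sketch")
        if "host" not in headers:
            raise ValueError("request without Host header")
        length = headers.get("content-length", "0")
        if not (length.isascii() and length.isdigit()):
            raise ValueError("invalid Content-Length")
        body_end = end + len(CRLF2) + int(length)
        if len(buf) < body_end:
            return requests, buf      # body not fully received yet
        # The host is taken from this request only, never from an earlier one.
        requests.append((method, target, headers["host"]))
        buf = buf[body_end:]

# Constructed sample: two complete requests with different hosts, then a partial one.
SAMPLE = (b"GET / HTTP/1.1\r\nHost: a.example\r\n\r\n"
          b"POST /up HTTP/1.1\r\nHost: b.example\r\nContent-Length: 3\r\n\r\nabc"
          b"GET /favicon.ico HTTP/1.1\r\nHost: a.ex")

if __name__ == "__main__":
    done, rest = split_pipelined(SAMPLE)
    print(done, rest)
```

The leftover bytes are kept and prepended to the next read, so a request split across TCP segments is parsed only once it is complete.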