一个 HTTP 请求被发送到网站 http://www.foobar.com/,
服务器响应以下 HTTP Location header
(前导斜杠和反斜杠,后跟主机名)
Location:/\example.com
根据所使用的浏览器,可以观察到两种行为:
在 Google Chrome 43(Windows 和 Linux)、Internet Explorer 11 上,浏览器然后请求以下 URI(就好像位置 header 值是一个协议(protocol)相对 URI):
http://example.com在 Firefox 38、Safari 8、Epiphany 或 Curl 上,执行以下请求:
http://www.foobar.com/\example.com
据我了解规范,Chrome 和 IE 应用的行为是不正确的。
HTTP 1.1 specification (RFC 7231) 在第 7.1.2 节中定义了 Location header [已添加重点]:
The "Location" header field is used in some responses to refer to a specific resource in relation to the response. The type of relationship is defined by the combination of request method and status code semantics.
Location = URI-referenceThe field value consists of a single URI-reference. When it has the form of a relative reference ([RFC3986], Section 4.2), the final value is computed by resolving it against the effective request URI ([RFC3986], Section 5).
URI specification (RFC 3986) 在 4.2 节中定义了相对引用 [已添加重点]:
A relative reference that begins with two slash characters is termed a network-path reference; such references are rarely used. A relative reference that begins with a single slash character is termed an absolute-path reference. A relative reference that does not begin with a slash character is termed a relative-path reference.
我能找到的对此 /\ 前导序列的唯一引用是在以下帖子中:
http://www.asp.net/mvc/overview/security/preventing-open-redirection-attacks
- 对于 Chrome 和 IE 为何将这些 URI 解释为绝对 URI,您有什么解释吗? 它有什么用吗?
- 除了协议(protocol)相关 URI (
//example.com),您是否知道任何其他实际上被某些浏览器解释为绝对的“相对”URI? (是否是正确的解释)
已更新
- 为 Chrome 输入的官方错误报告:
最佳答案
这是一个官方的 Chromium Bug :
关于google-chrome - HTTP 重定向到带有前导斜杠+反斜杠的 URL "/\example.com"在 Chrome/IE 上被认为是绝对的,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/30846693/