• <bdo id='XdssW'></bdo><ul id='XdssW'></ul>
  • <legend id='XdssW'><style id='XdssW'><dir id='XdssW'><q id='XdssW'></q></dir></style></legend>
    <i id='XdssW'><tr id='XdssW'><dt id='XdssW'><q id='XdssW'><span id='XdssW'><b id='XdssW'><form id='XdssW'><ins id='XdssW'></ins><ul id='XdssW'></ul><sub id='XdssW'></sub></form><legend id='XdssW'></legend><bdo id='XdssW'><pre id='XdssW'><center id='XdssW'></center></pre></bdo></b><th id='XdssW'></th></span></q></dt></tr></i><div id='XdssW'><tfoot id='XdssW'></tfoot><dl id='XdssW'><fieldset id='XdssW'></fieldset></dl></div>
      <tfoot id='XdssW'></tfoot>

      <small id='XdssW'></small><noframes id='XdssW'>

      1. WebKit “拒绝设置不安全的标头‘内容长度’"

        WebKit quot;Refused to set unsafe header #39;content-length#39;quot;(WebKit “拒绝设置不安全的标头‘内容长度’)
        <legend id='RR6ts'><style id='RR6ts'><dir id='RR6ts'><q id='RR6ts'></q></dir></style></legend>

          <bdo id='RR6ts'></bdo><ul id='RR6ts'></ul>

              <tbody id='RR6ts'></tbody>
            <tfoot id='RR6ts'></tfoot>

            1. <small id='RR6ts'></small><noframes id='RR6ts'>

                <i id='RR6ts'><tr id='RR6ts'><dt id='RR6ts'><q id='RR6ts'><span id='RR6ts'><b id='RR6ts'><form id='RR6ts'><ins id='RR6ts'></ins><ul id='RR6ts'></ul><sub id='RR6ts'></sub></form><legend id='RR6ts'></legend><bdo id='RR6ts'><pre id='RR6ts'><center id='RR6ts'></center></pre></bdo></b><th id='RR6ts'></th></span></q></dt></tr></i><div id='RR6ts'><tfoot id='RR6ts'></tfoot><dl id='RR6ts'><fieldset id='RR6ts'></fieldset></dl></div>
                • 本文介绍了WebKit “拒绝设置不安全的标头‘内容长度’"的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着跟版网的小编来一起学习吧!

                  问题描述

                  限时送ChatGPT账号..

                  我正在尝试实现简单的 xhr 抽象,并在尝试为 POST 设置标头时收到此警告.我认为这可能与在单独的 js 文件中设置标题有关,因为当我在 .html 文件的 <script> 标记中设置它们时,它工作正常.POST 请求工作正常,但我收到此警告,我很好奇为什么.对于 content-lengthconnection 标头,我都会收到此警告,但仅限于 WebKit 浏览器(Chrome 5 beta 和 Safari 4).在 Firefox 中,我没有收到任何警告,Content-Length 标头设置为正确的值,但 Connection 设置为 keep-alive 而不是 close,这让我认为它也忽略了我的 setRequestHeader 调用并生成它自己的.我没有在 IE 中尝试过这段代码.这是标记和代码:

                  I am trying to implement simple xhr abstraction, and am getting this warning when trying to set the headers for a POST. I think it might have something to do with setting the headers in a separate js file, because when i set them in the <script> tag in the .html file, it worked fine. The POST request is working fine, but I get this warning, and am curious why. I get this warning for both content-length and connection headers, but only in WebKit browsers (Chrome 5 beta and Safari 4). In Firefox, I don't get any warnings, the Content-Length header is set to the correct value, but the Connection is set to keep-alive instead of close, which makes me think that it is also ignoring my setRequestHeader calls and generating it's own. I have not tried this code in IE. Here is the markup & code:

                  test.html:

                  <!DOCTYPE html>
                  <html>
                      <head>
                          <script src="jsfile.js"></script>
                          <script>
                              var request = new Xhr('POST', 'script.php', true, 'data=somedata',  function(data) { 
                                  console.log(data.text); 
                              });
                          </script>
                      </head>
                      <body>
                      </body>
                  </html>
                  

                  jsfile.js:

                  function Xhr(method, url, async, data, callback) {
                      var x;
                      if(window.XMLHttpRequest) {
                          x = new XMLHttpRequest();
                  
                          x.open(method, url, async);
                  
                          x.onreadystatechange = function() {
                              if(x.readyState === 4) {
                                  if(x.status === 200) {
                                      var data = {
                                          text: x.responseText,
                                          xml: x.responseXML
                                      };
                                      callback.call(this, data);
                                  }
                              }
                          }
                  
                          if(method.toLowerCase() === "post") {
                              x.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
                              x.setRequestHeader("Content-Length", data.length);
                              x.setRequestHeader("Connection", "close");
                          }
                  
                          x.send(data);
                      } else {
                          // ... implement IE code here ...
                      }
                      return x;
                  }
                  

                  推荐答案

                  它也忽略了我的 setRequestHeader 调用并生成它自己的

                  it is also ignoring my setRequestHeader calls and generating its own

                  是的,标准说它必须:

                  出于安全原因,如果标题为 [...],则应终止这些步骤

                  For security reasons, these steps should be terminated if header is [...]

                  • 连接
                  • 内容长度

                  搞砸这些可能会暴露各种请求走私攻击,所以浏览器总是使用自己的价值观.没有必要也没有理由尝试设置请求长度,因为浏览器可以根据您传递给 send() 的数据长度准确地做到这一点.

                  Messing around with those could expose various request smuggling attacks, so the browser always uses its own values. There's no need or reason to try to set the request length, as the browser can do that accurately from the length of data you pass to send().

                  这篇关于WebKit “拒绝设置不安全的标头‘内容长度’"的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持跟版网!

                  本站部分内容来源互联网,如果有图片或者内容侵犯了您的权益,请联系我们,我们会在确认后第一时间进行删除!

                  相关文档推荐

                  SCRIPT5: Access is denied in IE9 on xmlhttprequest(SCRIPT5:在 IE9 中对 xmlhttprequest 的访问被拒绝)
                  XMLHttpRequest module not defined/found(XMLHttpRequest 模块未定义/未找到)
                  Show a progress bar for downloading files using XHR2/AJAX(显示使用 XHR2/AJAX 下载文件的进度条)
                  How can I open a JSON file in JavaScript without jQuery?(如何在没有 jQuery 的情况下在 JavaScript 中打开 JSON 文件?)
                  How do I get the HTTP status code with jQuery?(如何使用 jQuery 获取 HTTP 状态码?)
                  quot;Origin null is not allowed by Access-Control-Allow-Originquot; in Chrome. Why?(“Access-Control-Allow-Origin 不允许 Origin null在铬.为什么?)
                    <bdo id='5Ip26'></bdo><ul id='5Ip26'></ul>

                      <small id='5Ip26'></small><noframes id='5Ip26'>

                    1. <legend id='5Ip26'><style id='5Ip26'><dir id='5Ip26'><q id='5Ip26'></q></dir></style></legend>
                      <i id='5Ip26'><tr id='5Ip26'><dt id='5Ip26'><q id='5Ip26'><span id='5Ip26'><b id='5Ip26'><form id='5Ip26'><ins id='5Ip26'></ins><ul id='5Ip26'></ul><sub id='5Ip26'></sub></form><legend id='5Ip26'></legend><bdo id='5Ip26'><pre id='5Ip26'><center id='5Ip26'></center></pre></bdo></b><th id='5Ip26'></th></span></q></dt></tr></i><div id='5Ip26'><tfoot id='5Ip26'></tfoot><dl id='5Ip26'><fieldset id='5Ip26'></fieldset></dl></div>
                      <tfoot id='5Ip26'></tfoot>

                        <tbody id='5Ip26'></tbody>