ajax可以伪造的头部信息

ajax可以伪造部分header头信息,但有部分http header并不能被模拟,会被忽略或在浏览器发送请求时覆盖掉.

如下文,另外 refer是会被浏览器覆盖掉的.

http://www.w3school.com.cn/xmldom/dom_xmlserializer.asp#footer

有些请求头部由 XMLHttpRequest 自动设置而不是由这个方法设置,以符合 HTTP 协议。这包括如下和代理相关的头部:

  • Host
  • Connection
  • Keep-Alive
  • Accept-charset
  • Accept-Encoding
  • If-Modified-Since
  • If-None-Match
  • If-Range
  • Range

http://www.w3.org/TR/2006/WD-XMLHttpRequest-20060405/#dfn-setrequestheader

User agentsmustnot set any headers other than the headers set by the author using this method,with the following exceptions:

  • UAsmustset theHostheader appropriately (seeopen()) and not allow it to be overridden.
  • UAsmustset theAuthorizationheader according to the values passed to theopen()method (butmustallow calls tosetRequestHeader()to append values to it).
  • UAsmayset theAccept-CharsetandAccept-Encodingheaders andmust notallow them to be overridden.
  • UAsmayset theIf-Modified-Since,If-None-Match,If-Range,andRangeheaders if the resource is cached and has not expired (as allowed by HTTP),andmust notallow those headers to be overridden.
  • UAsmustset theConnectionandKeep-Aliveheaders as described by the HTTP specification,andmust notallow those headers to be overridden.
  • UAsshouldset the proxy-related headers according to proxy settings of the environment,andmust notallow those headers to be overridden.
  • UAsmaygive theUser-Agentheader an initial value,butmustallow authors to append values to it.
  • UAsshouldsetCookieandCookie2headers appropriately for the given URI and given the user's current cookies,andmustallow authors to append values to these headers.

相关文章

$.AJAX()方法中的PROCESSDATA参数 在使用jQuery的$.ajax()方...
form表单提交的几种方式 表单提交方式一:直接利用form表单提...
文章浏览阅读1.3k次。AJAX的无刷新机制使得在注册系统中对于...
文章浏览阅读1.2k次。 本文将解释如何使用AJAX和JSON分析器在...
文章浏览阅读2.2k次。/************************** 创建XML...
文章浏览阅读3.7k次。在ajax应用中,通常一个页面要同时发送...