I am successfully sending an XMLHttpRequest by using:
/**
 * Create a request object that can make cross-origin calls and open it.
 *
 * An XMLHttpRequest is always constructed first. If it exposes
 * `withCredentials` it is opened asynchronously and returned; otherwise an
 * XDomainRequest is created and opened when that constructor exists.
 *
 * @param {string} method - HTTP method handed to open().
 * @param {string} url - Target URL handed to open().
 * @returns {?Object} The opened request object, or null when neither
 *   transport is available. Callers have to check for null before use.
 */
var createCORSRequest = function(method, url) {
  var request = new XMLHttpRequest();

  if ('withCredentials' in request) {
    // Most browsers.
    request.open(method, url, true);
    return request;
  }

  if (typeof XDomainRequest === 'undefined') {
    // CORS not supported.
    return null;
  }

  // IE8 & IE9
  var legacyRequest = new XDomainRequest();
  legacyRequest.open(method, url);
  return legacyRequest;
};
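var url = '';
var method = 'GET';
var xhr = createCORSRequest(method, url);

// createCORSRequest returns null when the browser has no CORS-capable
// transport, so every use of xhr has to sit behind this check.
if (xhr) {
  xhr.onload = function() {
    // Success code goes here.
  };
  xhr.onerror = function() {
    // Error code goes here.
  };
  // XDomainRequest (the IE8/IE9 path) has no setRequestHeader method, so the
  // call is made only when the transport provides one.
  if (typeof xhr.setRequestHeader === 'function') {
    // NOTE: Referer is a forbidden header name for XMLHttpRequest. The
    // browser sets the header itself and ignores this call, so the Referer
    // that is actually sent does not change.
    xhr.setRequestHeader('referer', '');
  }
  xhr.send();
}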
However, I am not able to set my referer. What is the correct way to add a custom referer?
I am successfully sending an XMLHttpRequest by using:
/**
 * Create a request object that can make cross-origin calls and open it.
 *
 * An XMLHttpRequest is always constructed first. If it exposes
 * `withCredentials` it is opened asynchronously and returned; otherwise an
 * XDomainRequest is created and opened when that constructor exists.
 *
 * @param {string} method - HTTP method handed to open().
 * @param {string} url - Target URL handed to open().
 * @returns {?Object} The opened request object, or null when neither
 *   transport is available. Callers have to check for null before use.
 */
var createCORSRequest = function(method, url) {
  var request = new XMLHttpRequest();

  if ('withCredentials' in request) {
    // Most browsers.
    request.open(method, url, true);
    return request;
  }

  if (typeof XDomainRequest === 'undefined') {
    // CORS not supported.
    return null;
  }

  // IE8 & IE9
  var legacyRequest = new XDomainRequest();
  legacyRequest.open(method, url);
  return legacyRequest;
};
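var url = 'http://www.whatismyip.com';
var method = 'GET';
var xhr = createCORSRequest(method, url);

// createCORSRequest returns null when the browser has no CORS-capable
// transport, so every use of xhr has to sit behind this check.
if (xhr) {
  xhr.onload = function() {
    // Success code goes here.
  };
  xhr.onerror = function() {
    // Error code goes here.
  };
  // XDomainRequest (the IE8/IE9 path) has no setRequestHeader method, so the
  // call is made only when the transport provides one.
  if (typeof xhr.setRequestHeader === 'function') {
    // NOTE: Referer is a forbidden header name for XMLHttpRequest. The
    // browser sets the header itself and ignores this call, so the Referer
    // that is actually sent does not change.
    xhr.setRequestHeader('referer', 'http://www.google.com');
  }
  xhr.send();
}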
However, I am not able to set my referer. What is the correct way to add a custom referer?
- I have the same problem and cannot understand why XMLHttpRequest does not have referrer or User-Agent information. Is there any way to catch them all using fetch or axios? – efirat Commented Feb 4, 2021 at 14:28
3 Answers
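You cannot. The XMLHttpRequest specification forbids altering the referer header (this stops a site from lying in it to bypass the security checks that some sites base on the referer). The restriction binds script running in a browser only, so a server cannot treat the header as proof of where a request came from.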
Terminate these steps if header is a case-insensitive match for one of the following headers:
- …
- Referer
- …
You can try something like this:
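// Referer itself cannot be set from script, so the page URL travels in a
// custom header instead. The fragment is dropped, as it is for a real
// Referer, so anything kept after '#' is not sent to the server.
// The server must not use this value for security decisions: it is set by
// the client and can hold anything. For a cross-origin request the server
// also has to allow the header through Access-Control-Allow-Headers.
xhr.setRequestHeader('X-Referer', window.location.href.split('#')[0]);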
And then read this custom X-Referer header.
Answer found on https://www.trustedsec.com/blog/setting-the-referer-header-using-javascript/
You can set it using window.history.replaceState(null, '', 'https://yourwebsite.com/forged/referer')
As far as I know it only works with the same domain, but you can forge the path this way.
See https://developer.mozilla.org/en-US/docs/Web/API/History/replaceState