PHP:使用 header() 更改引用
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/9616977/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
PHP: Changing referer with header()
提问by DMIL
My CMS links to other sites for convenience and I'd like to hide the referer so that other sites don't see the directory and the query string of my CMS. I now have the CMS linking to a PHP file elswhere on my server which in turn redirects to the link via header() but the referer is still from my CMS, not from the linking PHP. Furthermore...
为方便起见,我的 CMS 链接到其他站点,我想隐藏引用者,以便其他站点看不到我的 CMS 的目录和查询字符串。我现在有 CMS 链接到我服务器上的 PHP 文件 elswhere,该文件又通过 header() 重定向到链接,但引用者仍然来自我的 CMS,而不是来自链接的 PHP。此外...
header("Referer: nowhere");
header("Location: $_REQUEST[urltolinkto]");
... doesn't appear to change anything. No matter what I put as referer, it's always the one from my CMS where the user actually clicked on the link.
......似乎没有改变任何东西。不管我把什么作为引用,它总是来自我的 CMS 用户实际点击链接的那个。
Can the referer be changed (to the linking PHP), or do I have to use javascript or meta refresh?
可以更改引用者(到链接 PHP),还是必须使用 javascript 或元刷新?
回答by
The Refererheader is something the browser sends to the Server. You are changing the respose from the server to the browser, so that will not work this way (unlike the Cookie header). As far as I know you have no server-side control of the browser's behavior on sending the Referer.
该Referer头是什么浏览器发送到服务器。您正在将响应从服务器更改为浏览器,因此不会以这种方式工作(与 Cookie 标头不同)。据我所知,您对浏览器发送 Referer 的行为没有服务器端控制。
回答by toster-cx
The browser does get to choose what referrer to send, but there are ways around it.
浏览器确实可以选择要发送的引荐来源网址,但有一些方法可以解决。
HTML5 added meta referrer, most modern browsers will respect it. Just add
HTML5 添加了元引用,大多数现代浏览器都会尊重它。只需添加
<meta name="referrer" content="no-referrer">
to your site's head.
到您网站的头部。
There's also redirection services and other hacks to hide the ref (https redirects, iframe tricksand others).
