POST请求是如何构建的?

时间:2018-01-10 17:29:33

标签: http post browser https http-post

Web浏览器如何从HTML源代码构建有效的HTTP POST请求?

例如,https://stackexchange.com/users/login上的登录表单如下:

<form method="post" action="/affiliate/form/login/submit">
        <table class="position-table">
            <tbody><tr>
                <td class="input-td">
                    <label for="email" class="accessibility-hidden">Email</label>
                    <input class="framed-text-field edit-field-overlayed" type="text" name="email" id="email" maxlength="100" style="opacity: 0.3; z-index: 1; position: relative;">
                    <span class="form-help" style="display: none;">name@example.com</span>
                </td>
                <td class="input-td">
                    <label for="password" class="accessibility-hidden">Password</label>
                    <input class="framed-text-field edit-field-overlayed" type="password" name="password" id="password" style="opacity: 0.3; z-index: 1; position: relative;">
                    <span class="form-help" style="display: none;">Password</span>
                </td>
                <td></td>
                <td class="input-td">
                    <input type="submit" class="affiliate-button" value="Sign In">
                </td>
            </tr>
        </tbody></table>

        <input type="hidden" name="affId" value="XX">
        <input type="hidden" id="fkey" name="fkey" value="XXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX">
    </form>

如果我拦截了我的浏览器发送的请求,我可以看到完整的POST请求:

POST /affiliate/form/login/submit HTTP/1.1
Host: openid.stackexchange.com
Connection: close
Content-Length: 86
Cache-Control: max-age=0
Origin: https://openid.stackexchange.com
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: https://openid.stackexchange.com/affiliate/form?affId=11&background=transparent&callback=https%3a%2f%2fstackexchange.com%2fusers%2fauthenticate&color=black&nonce=ZUlWWgAAAADlmwCfYbAw%2bg%3d%3d&openid.sreg.requested=email&signupByDefault=false&onLoad=signin-loaded&authCode=E8UrPSRT%2bzAs6b2nqZygJVS2cHb%2fY8TwtrlMUN3bORnP0o7IZRGIatV%2fkJ73KMX0nwrcnJdf2qBKFzJJ28czMo9GWAQesGoO4qgp6XZgulhYzlpEL4XOpTotYAVSlq5K5mFQjwTy6I4YbtJrsIyFs4yy2EgNlOe%2b7E0W%2fRVpnws%3d
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: prov=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX; acct=XXXXXXXXXXXXXXXvXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX; canary=X; anon=XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXX

email=AzureDiamond&password=Hunter2&affId=11&fkey=XXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX

我的网络浏览器(chrome)如何知道根据HTML表单中的内容构建POST请求?某些方面是显而易见的,请求方法,目标,内容长度,实际等都在表单中可见(或由用户输入)。

我不了解其构造的标题是:

  • 缓存控制
  • 升级 - 不安全请求
  • 内容类型
  • 接受
  • 参见
  • 接受编码
  • 接受语言

这些是由浏览器构建/编写的吗?我不这么认为,因为当我尝试从请求中删除它们时,我从stackexchange返回了错误的请求错误。但是,我似乎无法找到浏览器构建它们的内容?

1 个答案:

答案 0 :(得分:0)

浏览器假定表单请求的数据不是静态的,因此知道设置&#34; Cache-Control:max-age = 0&#34;。浏览器对其他请求标头也进行了类似的默认假设。

但是,可以使用<META标记覆盖某些默认值:enter link description here(我发现在StackOverflow上的类似问题下链接到该默认值)。其他设置为表单属性,如<form accept-charset="ISO-8859-1" ...

相关问题
最新问题