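Removing the Referer header from HTTP requests can solve some hotlink-protection problems.
Add the following code to the page's head to remove the Referer request header: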
<meta name="referrer" content="no-referrer" />
This applies both to requests for links on the page and to Ajax requests made from JavaScript code.
Alternatively, remove the referrer for a specific image:
<img referrerpolicy="no-referrer|origin|unsafe-url" src="image link"/>
<!-- For example -->
<img referrerpolicy="no-referrer" src="https://gitee.com/alanway/resources/raw/master/files/iis-reverse-proxy/site-access-with-proxy.png" />
Other valid meta options are:
<meta name="referrer" content="unsafe-url" />
<meta name="referrer" content="origin" />
<meta name="referrer" content="no-referrer-when-downgrade" />
<meta name="referrer" content="origin-when-cross-origin" />
- See if it works for your browser here: http://caniuse.com/#feat=referrer-policy
- See specs here: http://w3c.github.io/webappsec/specs/referrer-policy/
Also note that browsers now send the Origin header (with CORS requests and POST requests, see here: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Origin ) which includes domain and port, and, as far as I know, cannot be removed. If you use <meta name="referrer" content="origin" /> the referrer will contain similar information to the Origin header, which is already good from a privacy point of view, since it will hide the exact page the user is in.
Update:
If you want to remove the referrer by using JavaScript only, you may add the appropriate meta tag dynamically just before making the Ajax request. This JavaScript will add <meta name="referrer" content="no-referrer" /> to the head section of the web page:
var meta = document.createElement('meta');
meta.name = "referrer";
meta.content = "no-referrer";
document.getElementsByTagName('head')[0].appendChild(meta);
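What each policy value listed above actually puts in the Referer header, as an added example that is not part of the original post. The function name refererFor and the sample URLs are constructed for illustration; the logic follows the W3C Referrer Policy rules and goes beyond the values on this page by also covering same-origin, strict-origin and strict-origin-when-cross-origin.

```javascript
// Added example: compute the Referer value a browser sends for a given
// Referrer-Policy. refererFor() and the sample URLs are hypothetical.

// Browsers strip credentials and the fragment before sending a referrer.
function stripped(url, originOnly) {
  const u = new URL(url);
  if (originOnly) return u.origin + '/';
  u.username = '';
  u.password = '';
  u.hash = '';
  return u.href;
}

// Returns the Referer header value, or null when the header is omitted.
function refererFor(policy, pageUrl, targetUrl) {
  const page = new URL(pageUrl);
  const target = new URL(targetUrl);
  const sameOrigin = page.origin === target.origin;
  // Simplification: "downgrade" is treated as an https page requesting non-https.
  const downgrade = page.protocol === 'https:' && target.protocol !== 'https:';
  const full = stripped(pageUrl, false);
  const origin = stripped(pageUrl, true);

  switch (policy) {
    case 'no-referrer': return null;
    case 'unsafe-url': return full;
    case 'origin': return origin;
    case 'same-origin': return sameOrigin ? full : null;
    case 'no-referrer-when-downgrade': return downgrade ? null : full;
    case 'strict-origin': return downgrade ? null : origin;
    case 'origin-when-cross-origin': return sameOrigin ? full : origin;
    case 'strict-origin-when-cross-origin':
      if (sameOrigin) return full;
      return downgrade ? null : origin;
    default:
      throw new Error('unknown referrer policy: ' + policy);
  }
}

// Constructed sample: a private page embedding a cross-origin image.
const PAGE = 'https://blog.example/drafts/secret-post?id=7#top';
const IMG = 'https://img.example/pic.png';
for (const p of ['no-referrer', 'origin', 'unsafe-url',
                 'no-referrer-when-downgrade', 'origin-when-cross-origin']) {
  console.log(p.padEnd(28), refererFor(p, PAGE, IMG));
}
```

Only no-referrer omits the header entirely; origin still reveals the site, and unsafe-url reveals the full path and query string of the embedding page.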
Besides removing the referrer from the request headers by specifying a referrerPolicy, you can also route the request through a third-party relay service:
- WordPress: https://i0.wp.com/IMAGE_URL (remove https:// from the image URL)
- Weserv.nl: https://images.weserv.nl/?url=IMAGE_URL
- Baidu 1: https://image.baidu.com/search/down?url=IMAGE_URL
- Baidu 2: https://gimg2.baidu.com/image_search/&app=2020&src=IMAGE_URL (remove https:// from the image URL)
For example:
<img referrerpolicy="no-referrer" src="https://image.baidu.com/search/down?url=https%3A%2F%2Fwx1.sinaimg.cn%2Forj360%2F00826I3Dly1hiqkbbep7jj30vh1w5h0b.jpg" />