我看到,尤其是在德国,越来越多的mor网站要求获得设置cookie的许可.我当前的项目不需要应用程序级别的cookie.所以我想知道我是否不应该完全丢弃cookie.
我的问题:
是否可以在不使用cookie的情况下完全使用nginx设置静态网站?
如果是这样,无cookie网站是否有不利之处?
解决方案是的,当然有可能.
绝对没有弊端(除非您也喜欢跟踪,用户登录或具有任何首选项,尽管也存在其他选择).
另一方面,还有很多好处-您可以确保如果一个用户与另一个用户共享该URL,则该URL可以正常工作,因为它不依赖任何cookie.
请注意,借助nginx,您甚至可以从严格需要cookie的后端应用程序中删除cookie.例如,我在 BXR.SU/上的OpenGrok安装中做到了,在这里我使用nginx剥离cookie,这两种方式都有效地使用了面向客户端的URL路径作为首选项标识符,而不是将此类信息保存在cookie中,随后在将请求传递回OpenGrok(如果OpenGrok不支持$ args作为后备,那么仍然有可能在后端使用Cookie,但仍可以在将内容提供给客户端之前清除它们).
请参见 serverfault/questions/462799/leverage-proxy-caching-with-nginx-by-removing-set-cookie-header/467774#467774 有关我的实现的更多讨论.例如,以下内容可用于确保您的后端既不能设置也无法获取任何Cookie:
proxy_hide_header Set-Cookie; proxy_ignore_headers Set-Cookie; # important! Remember the special inheritance rules for proxy_set_header: # nginx/ru/docs/http/ngx_http_proxy_module.html#proxy_set_header proxy_set_header Cookie "";请注意,即使使用上述代码,仍然可以在JavaScript的帮助下设置和读取Cookie.
I see, especially here in Germany, more and mor web sites, asking for permission to set cookies. My current project doesn't require cookies on the application level. So I am wondering if i shouldn't drop cookies entirely.
My questions:
Is it possible to set up static web site with nginx entirely without the use of cookies?
And if so, is there a downside to cookieless sites?
解决方案Yes, it is certainly possible.
There are absolutely no downsides° (°unless you care for tracking, user-login, or having any sort of preferences, although alternatives exist as well).
On the other hand, there are plenty of upsides — you ensure that if one user shared the URL with another one, that the URL will work as expected, as it doesn't depend on any cookies.
Note that with the help of nginx you can actually remove cookies even from backend applications that strictly do require the cookies. E.g., I did it for my OpenGrok installation at BXR.SU/, where I use nginx to strip the cookies, both ways, and effectively use the URL path on the client-facing side as the preference identifier in place of saving such information in the cookies, and subsequently converting such $uri into $args (in place of cookies) when passing the requests back to OpenGrok (if OpenGrok would not have supported $args as a fallback, it'd also be possible to still use cookies within the backend, but still clear them up before serving the content back to the client).
See serverfault/questions/462799/leverage-proxy-caching-with-nginx-by-removing-set-cookie-header/467774#467774 for some more discussion of my implementation. For example, the following may be used to ensure your backend can neither set nor get any cookies:
proxy_hide_header Set-Cookie; proxy_ignore_headers Set-Cookie; # important! Remember the special inheritance rules for proxy_set_header: # nginx/ru/docs/http/ngx_http_proxy_module.html#proxy_set_header proxy_set_header Cookie "";Note that even with the above code, cookies could still be set and read by the front-end with the help of JavaScript.
更多推荐
是否可以在不使用cookie的情况下设置nginx?
发布评论