嘿那里。 我有一个非常有趣的场景,当asp核心应用程序为我的标题增加了一些东西。我正在检查所有传入的请求并使用中间件在处理请求之前检查标头:
Hey there. I am having a very interesting scenario, when asp core app adds something additional to my headers. I am inspecting all incoming requests and using the middleware to to inspect headers before processing the request:
public async Task Invoke(HttpContext httpContext) { if (httpContext.Request.Headers.Keys.ToArray()[0] != "UserKey") { throw new Exception("Wrong header order"); } await _next(httpContext); }我也在startup.cs中设置了这个:
I have also set this in startup.cs:
<pre>public void Configure(IApplicationBuilder app, IHostingEnvironment env) { if (env.IsDevelopment()) { app.UseDeveloperExceptionPage(); } // do this before others app.UseMiddleware<HeaderHandlingMiddleware>(); app.UseMvc(); }虽然出于某种原因,当我尝试在中间件请求期间检查标题时,我可以看到为连接和保持活动添加了一些默认标题。这些都设置在顶部(意味着它们首先在标题集合中)。 我尝试用Fiddler做手动请求:
Though for some reason when I try to inspect the headers during the time request is in middleware I can see that some default headers been added for "Connection" and "Keep-Alive". And these were set on top (meaning they are first in the header collection). I tried doing manual request with Fiddler like that:
GET localhost:49669/headers HTTP/1.1 Key_1: Value_1 Key_2: Value_2 Key_3: Value_3 Host: localhost:49669 Connection: Close但是 - 当我检查标题时,我可以看到Connection已设置为Keep-Alive并且标题排序已丢失。 任何想法在哪里看? 也许我可以附加一些额外的事件(不使用中间件)? br, m 我尝试过: 尝试使用中间件类,但没有安静帮助。
But still - when I inspect the headers I can see that Connection was set to "Keep-Alive" and the header ordering has been lost. Any idea where to look? Maybe there is some additional event I can attach to (without using the middleware)? br, m What I have tried: Tried using middleware class but that did not quiet help.
推荐答案这与ASP.NET无关;那些标题正在发送给客户。 That's nothing to do with ASP.NET; those headers are being sent the client. RFC2616,第4.2节 [ ^ ]:
接收到具有不同字段名称的标头字段的顺序并不重要。但是,首先发送通用标头字段是好习惯,其次是request-header或response-header字段,以entity-header字段结尾。
The order in which header fields with differing field names are received is not significant. However, it is "good practice" to send general-header fields first, followed by request-header or response-header fields, and ending with the entity-header fields.
大多数客户端都会放置常规标题 - 比如 Connection 和 Keep-Alive - 在任何其他标题之前。 依赖于发送的标题按特定顺序非常脆弱,几乎会立即中断。 相反,你应该测试header字典是否包含预期的标题:
Most clients will put "general" headers - like Connection and Keep-Alive - before any other headers. Relying on headers being sent in a specific order is extremely fragile, and will break almost immediately. Instead, you should test whether the headers dictionary contains the expected header:
public async Task Invoke(HttpContext httpContext) { if (!httpContext.Request.Headers.ContainsKey("UserKey")) { throw new InvalidOperationException("Required header is missing."); } await _next(httpContext); }
更多推荐
Asp.net核心默认标头
发布评论