How to check client is from swagger ui or not in net core
Question
Currently, I have a client and server project with the same source, so I want to distinguish if the client has to test on my swagger or the client somewhere else so I can process it according to my business.
Thank you so much.
Answer 1
Score: 1
Caution: It is not normal practice for the server to assume or guess things from the client "metadata" and serve different content based on that, as it can be freely manipulated.
> Read more:
>
> https://developer.mozilla.org/en-US/docs/Web/HTTP/Browser_detection_using_the_user_agent
>
> https://stackoverflow.com/questions/6432704/can-referer-header-be-trusted-when-using-https
For the specific question mentioned, one way that can be helpful is to check the Referer header. Most likely a Swagger Web UI client will issue a normal XHR request from the current page to your server. (Caution: There are different kinds of Swagger clients, not only the 'standard' web client.) And the Referer header will contain something like this:

```
Referer: https://my-server.com/api/swagger/index.html
```

Sample code

```csharp
// Inside a controller action, where Request is the current HttpRequest.
string referer = Request.Headers["Referer"].ToString();
// Very dangerous code. Change it to match the exact location where you are hosting your Swagger
if (!string.IsNullOrEmpty(referer) && referer.Contains("/swagger/"))
{
    // The request was made from Swagger UI.
    // Do something with this information if you want.
}
```

Again, this can be easily manipulated by the client and/or lead to unexpected issues. Please specify what you are trying to achieve and create another question for that instead.
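
One way to match the exact Swagger location instead of a substring, as an added example that is not part of the original answer. The class name `SwaggerReferer`, the method `LooksLikeSwaggerUi` and the `/api/swagger/` prefix are assumptions for illustration; the result is still only a hint, because any non-browser client can send whatever Referer it likes.

```csharp
using System;
using Microsoft.AspNetCore.Http;

// Added example: hypothetical helper, not code from the answer or from Swashbuckle.
public static class SwaggerReferer
{
    // Assumption: Swagger UI is served from this path on the same host as the API.
    private const string SwaggerPathPrefix = "/api/swagger/";

    // True only when the Referer is an absolute URL on this server's own
    // scheme, host and port, and its path starts with the Swagger UI prefix.
    // Use it for logging or convenience, never for authorization decisions.
    public static bool LooksLikeSwaggerUi(HttpRequest request)
    {
        string referer = request.Headers["Referer"].ToString();

        // Missing or malformed header: not Swagger UI.
        if (!Uri.TryCreate(referer, UriKind.Absolute, out var uri))
            return false;

        // Compare the origin with the one this request was addressed to.
        // A substring test such as Contains("/swagger/") would also accept
        // "https://other.example/swagger/" or "https://other.example/?next=/swagger/".
        // The scheme check also rejects values like "/swagger/", which
        // Uri.TryCreate parses as an absolute file path on Unix-like systems.
        bool sameScheme = string.Equals(uri.Scheme, request.Scheme,
                                        StringComparison.OrdinalIgnoreCase);
        bool sameHost = string.Equals(uri.Host, request.Host.Host,
                                      StringComparison.OrdinalIgnoreCase);
        int requestPort = request.Host.Port ?? (request.IsHttps ? 443 : 80);
        bool samePort = uri.Port == requestPort;

        // AbsolutePath excludes the query string and fragment, so a
        // "/swagger/" that appears only in a parameter does not match.
        bool swaggerPath = uri.AbsolutePath.StartsWith(
            SwaggerPathPrefix, StringComparison.OrdinalIgnoreCase);

        return sameScheme && sameHost && samePort && swaggerPath;
    }
}
```

Behind a reverse proxy, `request.Scheme` and `request.Host` reflect the proxy hop unless forwarded headers are processed, so the origin comparison needs that configured first.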