copy some stack overflow code
为了确保我没有犯任何打字错误:
addToHeader = function (req, res, next) {
console.log("add to header called ... " + req.url);
res.header('X-XSS-Protection', '0');
next();
}
app.post('/processLogIn', addToHeader, async (req, res) => {
console.log(req.headers)
res.send()
})
不幸的是,问题仍然存在,因为X-XSS-Protection没有出现在标题中:
{ host: 'localhost:3000',
'user-agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:64.0) Gecko/20100101 Firefox/64.0',
accept: 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
'accept-language': 'en-US,en;q=0.5',
'accept-encoding': 'gzip, deflate',
referer: 'http://localhost:3000/logIn',
'content-type': 'application/x-www-form-urlencoded',
'content-length': '53',
dnt: '1',
connection: 'keep-alive',
cookie: 'io=ws5aQuqAjplpBAZyAAAA',
'upgrade-insecure-requests': '1',
'cache-control': 'max-age=0' }
const express = require('express')
let app = express();
带套装:
addToHeader = function (req, res, next) {
console.log("add to header called ... " + req.url);
res.set('X-XSS-Protection', '0');
next();
}
{host:'localhost:3000',
accept:'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
‘接受语言’:‘恩我们,恩;q=0.5’,
“接受编码”:“gzip,deflate”,
推荐人:'http://localhost:3000/logIn',
“内容类型”:“应用程序/x-www-form-urlencoded”,
dnt:'1',
连接:“保持活力”,
cookie:'io=ws5aqajplpbazyaaaa',
“缓存控制”:“最大年龄=0”}