Differences between a URL forward and a URL redirect:
- Address bar: with a forward the address bar does not change; with a redirect it does;
- Server side or browser side: a forward is performed on the server side, a redirect is performed by the client (browser).
URL redirect:
Java keywords
```
sendRedirect
setHeader
redirect
...
```
Example:
There are two ways to redirect, sendRedirect or setHeader. In the code below the target url comes straight from the request, so the redirect destination is attacker-controlled (open redirect).

```java
import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class RedirectServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        // Unvalidated: the caller decides where the browser is sent.
        String url = req.getParameter("url");
        // Way 1: sendRedirect sets 302 + Location and commits the response.
        resp.sendRedirect(url);
        // Way 2 (use instead of, not after, sendRedirect; once the response is
        // committed these calls have no effect):
        // resp.setStatus(HttpServletResponse.SC_FOUND);
        // resp.setHeader("Location", url);
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        doGet(req, resp);
    }
}
```
URL forward:
Java keywords
Example:
The request is forwarded with getRequestDispatcher(uri).forward(), and uri is controllable.

```java
import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class ForwardServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        // Unvalidated: the caller picks which server-side resource handles the request.
        // The forward happens inside the container, so the browser's address bar does not change.
        String uri = req.getParameter("uri");
        req.getRequestDispatcher(uri).forward(req, resp);
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        doGet(req, resp);
    }
}
```
How to fix URL redirects:
- validate the redirect url against an allowlist;
- show the user a security warning and let them confirm the jump (common in apps such as WeChat).
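A hardened version of the redirect servlet applying the allowlist fix, added here as an example (it is not code from the original page or the linked reference). The allowed host names are placeholders; the check accepts only same-site paths or http(s) URLs whose host is on the list, and rejects protocol-relative, backslash and userinfo tricks that a plain prefix check would miss.

```java
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Set;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class SafeRedirectServlet extends HttpServlet {

    // Placeholder allowlist: hosts this application may redirect to (Java 9+ Set.of).
    private static final Set<String> ALLOWED_HOSTS = Set.of("www.example.com", "example.com");

    /** True only for a local path ("/...") or an absolute http(s) URL to an allowed host. */
    static boolean isSafeRedirect(String target) {
        if (target == null || target.isEmpty()) return false;
        // Reject control characters and backslashes: browsers may normalise "/\host" into "//host".
        for (char c : target.toCharArray()) {
            if (c < 0x20 || c == '\\') return false;
        }
        URI uri;
        try {
            uri = new URI(target);
        } catch (URISyntaxException e) {
            return false;
        }
        if (uri.getScheme() == null) {
            // Relative target: must be a plain path, not protocol-relative ("//host/...").
            return uri.getRawAuthority() == null && target.startsWith("/") && !target.startsWith("//");
        }
        String scheme = uri.getScheme().toLowerCase();
        if (!scheme.equals("http") && !scheme.equals("https")) return false;
        // getHost() ignores userinfo, so "https://www.example.com@other.example" yields other.example.
        String host = uri.getHost();
        return host != null && uri.getRawUserInfo() == null && ALLOWED_HOSTS.contains(host.toLowerCase());
    }

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        String url = req.getParameter("url");
        if (!isSafeRedirect(url)) {
            // Never bounce to the supplied value; fall back to a known-safe location.
            resp.sendRedirect("/");
            return;
        }
        resp.sendRedirect(url);
    }
}
```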
Reference link:
https://www.dazhuanlan.com/uamyall/topics/1034221