1. What is Referer?

After jumping over, remember to press F12, click the network request details and refresh; you can then see the Referer field:
[Screenshot: the Referer field in the request headers]

When we type that familiar address directly into the browser instead and refresh, the picture looks like this:
[Screenshot: the same request, now without a Referer field]
So now you understand the basic purpose of Referer: it is a field in the HTTP request headers that identifies the page a visitor came from. It normally does not appear on a direct visit by an ordinary user; it shows up on navigations from one page to another.

Now, what does that bring to mind? Pages linking to each other? Hmm... it seems quite common to embed other people's stuff in a web page. Just write down someone's image URL and it displays; very convenient. Right, that behaviour is image theft, and essentially any network resource that can be reached from a web page faces the same fate: having its resources stolen. Hotlinking and anti-hotlinking have become a perennial topic. So today we will use a few small examples to get a feel for the fight between image theft and its prevention, and to properly understand the story of the Referer field.

The Referer request header contains the address of the page from which the current request originated, meaning the current page was reached through a link on that source page. Servers generally use the Referer header (note: the correct English spelling is referrer; the misspelling in the early HTTP specification has been kept for backward compatibility) to identify where traffic comes from, possibly for statistics, logging, cache optimisation and so on.
Someone actually wrote a blog post ranting about this... haha. See that rant for the full history.

2. Referrer-Policy

Back to business: study time! Those who paid attention when visiting Baidu just now will have noticed the referrer-policy header, which lays down the exact rules for how Referer is used. The different settings are given below:
[Screenshot: the referrer-policy header in the response]

  • no-referrer: the entire Referer header is removed; no origin information is sent with the request.
  • no-referrer-when-downgrade: the user agent's default behaviour when no policy is specified. The referring page's address is sent at an equal security level (HTTPS->HTTPS) but not on a downgrade (HTTPS->HTTP).
  • origin: only the document's origin is sent as the referrer, in all cases. For example http://example.com/page.html sends http://example.com/ as the referrer.
  • origin-when-cross-origin: for same-origin requests the full URL is sent as the referrer; for cross-origin requests only the document's origin.
  • same-origin: a referrer is sent for same-origin requests, but no referrer information is sent for cross-origin requests.
  • strict-origin: the document's origin is sent as the referrer at an equal security level (HTTPS->HTTPS) but not on a downgrade (HTTPS->HTTP).
  • strict-origin-when-cross-origin: for same-origin requests the full URL is sent as the referrer; at an equal security level the document's origin is sent (HTTPS->HTTPS); on a downgrade the header is not sent (HTTPS->HTTP).
  • unsafe-url: for both same-origin and cross-origin requests the full URL (with parameters stripped) is sent as the referrer. (The least safe option.)

3. Setting the referrer

The policy can be set with a meta tag in the HTML:

<meta name="referrer" content="origin">

It can also be set per element with the referrerpolicy attribute, as section 4.3 does on an <img> tag:
[Screenshot: referrerpolicy attribute on an element]

2. Configuring the server side

Create server.js under the server directory to stand up the service

let https = require("https");
let fs = require("fs");
let url = require("url");
let path = require("path");
// allow-list of hosts permitted to embed the image
const whiteList = ["192.168.2.169:80"];
const options = {
  key: fs.readFileSync("./keys/server.key"),
  cert: fs.readFileSync("./keys/server.crt"),
};
https
  .createServer(options, function (req, res) {
    let refer = req.headers["referer"] || req.headers["refer"];
    console.log("refer----", refer, req.url);
    res.setHeader("Access-Control-Allow-Origin", "*");
    if (refer) {
      let referHostName = url.parse(refer, true).host;
      // req.url holds only the path, so url.parse(req.url).host would always be null;
      // the server's own host comes from the Host request header instead
      let currentHostName = req.headers["host"];
      console.log(referHostName, currentHostName, "--==");
      // Referer present, but its host is neither this site nor on the allow-list: return the error image
      if (
        referHostName != currentHostName &&
        whiteList.indexOf(referHostName) == -1
      ) {
        res.setHeader("Content-Type", "image/jpeg");
        fs.createReadStream(path.join(__dirname, "/src/img/403.jpg")).pipe(res);
        return;
      }
    }
    // Referer absent (or allowed): return the real image
    res.setHeader("Content-Type", "image/jpeg");
    fs.createReadStream(path.join(__dirname, "/src/img/1.jpg")).pipe(res);
  })
  .listen(9999);

It listens on port 9999 and plays the server being hotlinked; put the corresponding resources in its src directory
[Screenshot: the server's src/img directory with 1.jpg and 403.jpg]
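As an added example (not the post's own server.js), here is a stricter version of the Referer allow-list decision that the server above makes, written as plain functions so it can be exercised without starting a server. isHotlinkAllowed, chooseImage, ALLOWED_HOSTS and the sample requests are my own constructions. It uses the WHATWG URL parser instead of the legacy url.parse, so an unparsable Referer is rejected rather than compared as null; one consequence is that allow-list entries must be written in normalized form (default ports stripped, so "192.168.2.169" rather than "192.168.2.169:80").

```javascript
// Stricter Referer allow-list check (added example; names are assumed).

// Hosts allowed to embed the image. Compared exactly against the host of the
// parsed Referer, so a look-alike such as "192.168.2.169.evil.example" does not match.
// Constructed value for this example.
const ALLOWED_HOSTS = new Set(["192.168.2.169"]);

// referer:      raw Referer header value (undefined when the header is absent)
// requestHost:  the Host header of the incoming request (the server's own host)
// allowed:      Set of allow-listed hosts in WHATWG-normalized form
// allowMissing: whether a request with no Referer at all gets the real image
function isHotlinkAllowed(referer, requestHost, allowed, allowMissing = true) {
  if (referer === undefined || referer === "") {
    // No Referer: a direct visit, a no-referrer policy, or a non-browser client.
    // server.js allows this case, which is exactly why a no-referrer policy
    // on the embedding page gets the real image.
    return allowMissing;
  }
  let host;
  try {
    host = new URL(referer).host; // throws TypeError on garbage
  } catch (e) {
    return false; // unparsable Referer: treat as a hotlink
  }
  if (host === "") return false; // e.g. "about:blank" has no host
  if (host === requestHost) return true; // the server's own pages
  return allowed.has(host);
}

// Which file server.js would stream for a given request.
function chooseImage(req, allowed, allowMissing = true) {
  return isHotlinkAllowed(req.referer, req.host, allowed, allowMissing)
    ? "/src/img/1.jpg"
    : "/src/img/403.jpg";
}

// Constructed sample requests, as the image server on 192.168.2.169:9999 would see them.
const SAMPLE_REQUESTS = [
  { referer: undefined, host: "192.168.2.169:9999" },                         // direct visit
  { referer: "https://localhost:8080/", host: "192.168.2.169:9999" },         // the client page from the post
  { referer: "http://192.168.2.169:9999/gallery", host: "192.168.2.169:9999" }, // the server's own page
  { referer: "http://192.168.2.169:80/", host: "192.168.2.169:9999" },        // allow-listed host, default port
  { referer: "http://192.168.2.169.evil.example/", host: "192.168.2.169:9999" }, // look-alike host
  { referer: "not a url", host: "192.168.2.169:9999" },                       // garbage header
];

function decideAll(requests, allowed, allowMissing = true) {
  return requests.map((r) => chooseImage(r, allowed, allowMissing));
}
```

The allowMissing switch is the real policy decision. Leaving it true (as server.js does) means any embedding page that suppresses its Referer is indistinguishable from a direct visit; setting it false closes that gap but also blocks direct visits and privacy-preserving browsers. Either way, Referer is set by the client, so this check deters casual hotlinking and should not be relied on as access control.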

3. Configuring the client side

The Node.js file client.js, which serves the client page

let https = require("https");
let fs = require("fs");
let url = require("url");
let path = require("path");
var options = {
  // hostname, port, path and method are https.request() options;
  // https.createServer() ignores them and uses only the TLS settings below
  hostname: "localhost",
  port: 8000,
  path: "/",
  method: "GET",
  rejectUnauthorized: false,
  key: fs.readFileSync("./keys/client.key"),
  cert: fs.readFileSync("./keys/client.crt"),
  ca: [fs.readFileSync("../ca/ca.crt")],
};
// create the server
https
  .createServer(options, function (req, res) {
    let staticPath = path.join(__dirname, "src");
    let pathObj = url.parse(req.url, true);
    if (pathObj.pathname === "/") {
      pathObj.pathname += "index.html";
    }
    // read the file from the static directory and send it
    let filePath = path.join(staticPath, pathObj.pathname);
    // refuse paths that resolve outside the static directory (e.g. "/../keys/client.key")
    if (!filePath.startsWith(staticPath + path.sep)) {
      res.writeHead(403, "Forbidden");
      res.end("403 Forbidden");
      return;
    }
    fs.readFile(filePath, "binary", function (err, content) {
      if (err) {
        res.writeHead(404, "Not Found");
        res.end("404 Not Found");
      } else {
        res.writeHead(200, "OK");
        res.write(content, "binary");
        res.end();
      }
    });
  })
  .listen(8080);

Set up the client home page

[root@blackstone client]# cat ./src/index.html
<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <meta http-equiv="X-UA-Compatible" content="ie=edge">
  <title>client</title>
</head>
<body>
  <h1>client页面</h1>
  <div id="container">
    <!-- <img src="http://192.168.2.169:9999/" referrerpolicy="no-referrer"> -->
    <img src="http://192.168.2.169:9999">
  </div>
  <!-- <script src="js/fetchImg.js"></script> -->
</body>
</html>

4. Testing hotlinking in the browser

Run the server and the client in turn

[root@blackstone server]# node server.js
[root@blackstone client]# node client.js

Test access with Firefox:
[Screenshot: Firefox showing the client page with the image blocked]

As you can see, even though we attempt to hotlink, the browser's security restrictions stop the stolen image from displaying. Let's pull out a really old browser version and try... No luck so far; this ancient approach has apparently been disabled.
[Link: older browser versions]
[Screenshot: the same test in an old browser version]

4.2 Using meta

<meta name="referrer" content="no-referrer" />

[Screenshot: the image request without a Referer field]
It is clear that after this setting the outgoing https request no longer carries a Referer field, and the image is fetched normally

4.3 Setting referrerpolicy="no-referrer"

Just set this attribute on the tag

<img src="http://192.168.2.169:9999/" referrerpolicy="no-referrer">

4.4 利用iframe伪造请求referer

```javascript
function showImg(src, wrapper) {
  let url = new URL(src);
  let frameid = 'frameimg' + Math.random();
  // The markup the iframe will render; id="tmpImg" is what onload looks up below
  window.img = `<img id="tmpImg" src="${url}" alt="Image failed to load, please try again later"/>`;
  // build an iframe
  let iframe = document.createElement('iframe')
  iframe.id = frameid
  iframe.src = "javascript:parent.img;" // inline javascript supplies the iframe's content
  // resize the iframe so the whole image is shown
  iframe.onload = function () {
    var img = iframe.contentDocument.getElementById("tmpImg")
    if (img) {
      iframe.height = img.height + 'px'
      iframe.width = img.width + 'px'
    }
  }
  iframe.width = 10
  iframe.height = 10
  iframe.scrolling = "no"
  iframe.frameBorder = "0"
  wrapper.appendChild(iframe)
}
showImg('http://192.168.2.169:9999', document.querySelector('#container'))
```

[figure (8)]

4.5 Modifying the request headers on the client

4.5.1 Using XMLHttpRequest

XMLHttpRequest's setRequestHeader method adds or modifies fields in the request headers. Can we use it to rewrite the Referer field by hand?
Demo code:

```html
<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <meta http-equiv="X-UA-Compatible" content="ie=edge">
  <title>client</title>
</head>
<body>
  <h1>client page</h1>
  <div id="container">
  </div>
</body>
<script src="./03.js"></script>
</html>
```
```javascript
// 03.js: download the image via AJAX
function loadImage(uri) {
  return new Promise((resolve, reject) => {
    let xhr = new XMLHttpRequest();
    xhr.responseType = "blob";
    xhr.onload = function() {
      resolve(xhr.response);
    };
    xhr.onerror = function() {
      reject(new Error("request failed"));
    };
    xhr.open("GET", uri, true);
    // Setting the header via setRequestHeader does not take effect;
    // the console warns: Refused to set unsafe header "Referer"
    xhr.setRequestHeader("Referer", "");
    xhr.send();
  });
}
// Convert the downloaded blob to base64 and show it on the page
function handleBlob(blob) {
  let reader = new FileReader();
  reader.onload = function(evt) {
    let img = document.createElement('img');
    img.src = evt.target.result;
    document.getElementById('container').appendChild(img)
  };
  reader.readAsDataURL(blob);
}
const imgSrc = "http://tiebapic.baidu.com/forum/w%3D580%3B/sign=f88eb0f2cf82b9013dadc33b43b6ab77/562c11dfa9ec8a135455cc35b203918fa1ecc09c.jpg";
loadImage(imgSrc).then(blob => {
  handleBlob(blob);
});
```

[figure (9)]
As you can see, setting the Referer request header with setRequestHeader has no effect. For safety, browsers do not let scripts set certain reserved header fields, and unfortunately Referer is one of them; the full list is documented under "Forbidden header name".

So with the methods XMLHttpRequest offers, an AJAX request cannot do this. fetch can.

4.5.2 Using fetch

```javascript
// Convert the downloaded blob to base64 and show it on the page
function handleBlob(blob) {
  let reader = new FileReader();
  reader.onload = function(evt) {
    let img = document.createElement('img');
    img.src = evt.target.result;
    document.getElementById('container').appendChild(img)
  };
  reader.readAsDataURL(blob);
}
const imgSrc = "http://192.168.2.169:9999";
function fetchImage(url) {
  return fetch(url, {
    headers: {
      // "Referer": "", // has no effect here: Referer is a forbidden header name
    },
    method: "GET",
    referrer: "", // blank the Referer
    // referrerPolicy: 'no-referrer', // equivalent alternative
  }).then(response => response.blob());
}
fetchImage(imgSrc).then(blob => {
  handleBlob(blob);
}).catch(err => {
  console.error("fetch failed", err);
});
```

You can see that this request clearly no longer carries a Referer field.

Two caveats. First, fetch only lets you blank the referrer (`referrer: ""` or `referrerPolicy: 'no-referrer'`) or set it to a URL on your own origin; a cross-origin value is silently replaced by the browser, so what this achieves is suppressing the Referer, not forging one. Second, reading the body of a cross-origin fetch still requires the image host to send CORS headers; without them the promise rejects, and with `mode: 'no-cors'` the response is opaque and cannot be turned into a blob you can display.

[figure (10)]

4.6 Relaying images through a server

A method that is more likely to get you into legal trouble is to stand up a relay server that makes an ordinary request to the target resource on the hotlinker's behalf and forwards whatever it receives. A server-side request carries no Referer unless the relay adds one, and the relay can add any Referer it likes, so none of the browser-side restrictions above apply.

5. Countermeasures

Of all the hotlink-protection bypasses listed above, most work, whether by hand or automatically, by dropping one's own Referer so the request looks like an ordinary user's direct visit. Defending against this can be approached from several directions:

1. Dynamic file names: change the file name or path periodically, so a copied link stops working.

2. Check the referring address, normally by validating the Referer field of the browser's request. Decide explicitly what to do with an empty Referer: accepting it lets every bypass above through, rejecting it also blocks direct visits and users whose browsers send no Referer.

3. Require login, tying access to a session cookie.

4. Watermark the images.

5. Buy a security service that filters the requests reaching the server.
