问题
I have a web site and I have implemented my own request throttling for extra security.
The problem is that, from one particular machine, I get duplicate requests, almost identical between them. The two requests are generated with millisecond time-difference between them.
The original request is executed when some JavaScript code submits a form programmatically.
The only difference between them is that the first request has this header defined:
Sec-Fetch-User: ?1
Based on this page, it seems that the header means that the 1st request was NOT generated by a user?
The text is quite technical and I could not drill down much into what this ?1 means.
Can anyone enlighten me? Does it mean that it was generated by a tool and that I can simply deny to serve requests with that header?
Also, this seems to happen from any browser on the device (Win10 OS). Any idea what kind of software is doing this and why?
UPDATE:
After looking at this question, I tried tested with non-Chromium-based browsers on the same machine and I have the impression that it is not happening on those browsers.
But I wonder why this happens mostly on this particular machine and what is the meaning of this behavior.
回答1:
The answer can be found into this IETF draft, ?1 actually means true. So the first request you observe is likely being triggered by the user (when submitting the form), and the second one isn't.
来源:https://stackoverflow.com/questions/59860648/duplicate-request-with-sec-fetch-user-1-header-messes-up-my-request-throttli