{"id":16781,"date":"2018-02-27T05:00:21","date_gmt":"2018-02-26T20:00:21","guid":{"rendered":"http:\/\/www.techscore.com\/blog\/?p=16781"},"modified":"2018-11-14T16:33:41","modified_gmt":"2018-11-14T07:33:41","slug":"referer","status":"publish","type":"post","link":"https:\/\/www.techscore.com\/blog\/2018\/02\/27\/referer\/","title":{"rendered":"Referer \u306e\u30b9\u30da\u30eb\u306f\u3055\u3066\u304a\u304d"},"content":{"rendered":"<p><img src=\"https:\/\/www.techscore.com\/blog\/wp\/wp-content\/uploads\/2018\/02\/shutterstock_567959128.jpg\" alt=\"\" width=\"300\" xheight=\"225\" xclass=\"alignnone size-medium wp-image-16784\" \/><br \/>\n<span style=\"color: gray;\">\uff08new photo \/ Shutterstock.com\uff09<\/span><\/p>\n<p>\u3053\u3093\u306b\u3061\u306f\u3001\u4e2d\u5c71\u3067\u3059\uff08\u5199\u771f\u306f \u2026 \u9069\u5f53\u306a\u3082\u306e\u304c\u3042\u308a\u307e\u305b\u3093\u3067\u3057\u305f\uff09\u3002<br \/>\n\u4e16\u306e\u4e2d\u306e Web \u30b5\u30a4\u30c8\u306e HTTPS \u5316\u304c <a href=\"http:\/\/www.techscore.com\/blog\/2017\/12\/10\/phishing\/#ssl\" target=\"_blank\">\u30d5\u30a3\u30c3\u30b7\u30f3\u30b0\u30b5\u30a4\u30c8\u3082\u542b\u3081\u3066\uff08\u7b11\uff09<\/a> \u9032\u3093\u3067\u3044\u307e\u3059\u3002<\/p>\n<p>\u4e00\u65b9\u3067 <a href=\"https:\/\/tools.ietf.org\/html\/rfc7231#section-5.5.2\" target=\"_blank\">RFC<\/a> \u306b\u306f\u4ee5\u4e0b\u306e\u3088\u3046\u306b\u5b9a\u3081\u3089\u308c\u3001HTTP Referer \u3092\u5229\u7528\u3059\u308b\u30b5\u30fc\u30d3\u30b9\u3067\u306f HTTPS \u5316\u306b\u4f34\u3046\u5f71\u97ff\u304c\u767a\u751f\u3057\u307e\u3059\u3002<\/p>\n<blockquote><p>\n5.5.2. Referer<br \/>\nA user agent MUST NOT send a Referer header field in an unsecured HTTP request if the referring page was received with a secure protocol.\n<\/p><\/blockquote>\n<p>\u3055\u3089\u306b <a href=\"https:\/\/w3c.github.io\/webappsec-referrer-policy\/#referrer-policy-header\" target=\"_blank\">Referrer-Policy<\/a> \u3082\u8003\u616e\u3057\u3064\u3064\u3001\u4eca\u56de\u306f HTTPS \u3068 Referrer-Policy \u3068 HTTP Referer \u306e\u95a2\u4fc2\u6027\u3092\u691c\u8a3c\u3057\u3066\u307f\u307e\u3059\u3002<\/p>\n<h2>\u901a\u5e38\u306e\u30da\u30fc\u30b8\u9077\u79fb\u306e\u5834\u5408<\/h2>\n<p>\u307e\u305a\u306f\u4e0b\u56f3\u306e\u3088\u3046\u306a\u901a\u5e38\u306e\u30da\u30fc\u30b8\u9077\u79fb\u306b\u3064\u3044\u3066\u3002<\/p>\n<p><img src=\"https:\/\/www.techscore.com\/blog\/wp\/wp-content\/uploads\/2018\/02\/i1.png\" alt=\"\" xwidth=\"300\" xheight=\"225\" class=\"alignnone size-medium wp-image-16785\" \/><\/p>\n<p>Referrer-Policy \u306b\u306f<\/p>\n<ul>\n<li><i>no-referrer<\/i><\/li>\n<li><i>no-referrer-when-downgrade<\/i><\/li>\n<li><i>origin<\/i><\/li>\n<li><i>origin-when-cross-origin<\/i><\/li>\n<li><i>same-origin<\/i><\/li>\n<li><i>strict-origin<\/i><\/li>\n<li><i>strict-origin-when-cross-origin<\/i><\/li>\n<li><i>unsafe-url<\/i><\/li>\n<\/ul>\n<p>\u3068\u3001\u7d30\u304b\u306a\u6307\u5b9a\u304c\u53ef\u80fd\u3067\u3059\u304c\u3001\u4eca\u56de\u306f HTTP Referer \u304c\u9001\u4fe1\u3055\u308c\u308b\u304b\u5426\u304b\u3092\u30b7\u30f3\u30d7\u30eb\u306b\u691c\u8a3c\u3059\u308b\u305f\u3081<\/p>\n<ol>\n<li>Referrer-Policy \u7121\u3057<\/li>\n<li><i>unsafe-url<\/i>\uff08\u5e38\u306b HTTP Referer \u3092\u9001\u4fe1\u3059\u308b\u6307\u793a\uff09<\/li>\n<li><i>no-referrer<\/i>\uff08\u5e38\u306b HTTP Referer \u3092\u9001\u4fe1\u3057\u306a\u3044\u6307\u793a\uff09<\/i><\/li>\n<\/ol>\n<p>\u306e\u6761\u4ef6\u3067\u30af\u30a8\u30ea \u2461 \u306e HTTP Referer \u3092\u78ba\u8a8d\u3057\u3066\u307f\u307e\u3059\u3002<br \/>\n\u7d50\u679c\u306f\u4ee5\u4e0b\u306e\u901a\u308a\u3067\u3057\u305f\u3002<\/p>\n<p><img src=\"https:\/\/www.techscore.com\/blog\/wp\/wp-content\/uploads\/2018\/02\/m1.png\" alt=\"\" xwidth=\"300\" xheight=\"165\" class=\"alignnone size-medium wp-image-16787\" \/><\/p>\n<p>Chrome\uff0864.0.3282.140\uff09\u3068 Firefox\uff0858.0.2\uff09\u3068\u3082\u306b Referrer-Policy \u304c\u3042\u308c\u3070\u305d\u308c\u306b\u5f93\u3044\u3001\u306a\u3044\u5834\u5408\u306f RFC \u901a\u308a\u306e\u52d5\u4f5c\u3068\u306a\u308a\u307e\u3057\u305f\u3002<\/p>\n<h2>\u30ea\u30c0\u30a4\u30ec\u30af\u30bf\u3092\u7d4c\u7531\u3057\u305f\u30da\u30fc\u30b8\u9077\u79fb\u306e\u5834\u5408<\/h2>\n<p>\u6b21\u3044\u3067\u4e0b\u56f3\u306e\u3088\u3046\u306a\u30ea\u30c0\u30a4\u30ec\u30af\u30bf\u3092\u7d4c\u7531\u3057\u305f\u30da\u30fc\u30b8\u9077\u79fb\u306b\u3064\u3044\u3066\u3002<br \/>\n\u5148\u7a0b\u306e\u6761\u4ef6\u3092\u639b\u3051\u5408\u308f\u305b\u3001\u30af\u30a8\u30ea \u2463 \u306e HTTP Referer \u3092\u78ba\u8a8d\u3057\u3066\u307f\u307e\u3059\u3002<\/p>\n<p><img src=\"https:\/\/www.techscore.com\/blog\/wp\/wp-content\/uploads\/2018\/02\/i2.png\" alt=\"\" xwidth=\"300\" xheight=\"225\" class=\"alignnone size-medium wp-image-16786\" \/><\/p>\n<p>\u7d50\u679c\u306f\u4ee5\u4e0b\u306e\u901a\u308a\u3067\u3057\u305f\u3002<br \/>\n\uff08\u6a5f\u68b0\u7684\u306b\u6761\u4ef6\u3092\u639b\u3051\u5408\u308f\u305b\u305f\u305f\u3081\u3001\u30de\u30c8\u30ea\u30af\u30b9\u304c\u5de8\u5927\u3067\u3059\u304c\u3054\u5bb9\u8d66\u304f\u3060\u3055\u3044 ^^;\uff09<\/p>\n<p><img src=\"https:\/\/www.techscore.com\/blog\/wp\/wp-content\/uploads\/2018\/02\/m21.png\" alt=\"\" xwidth=\"600\" xheight=\"300\" xclass=\"alignnone size-medium wp-image-16782\" \/><\/p>\n<p><img src=\"https:\/\/www.techscore.com\/blog\/wp\/wp-content\/uploads\/2018\/02\/m22.png\" alt=\"\" xwidth=\"600\" xheight=\"300\" xclass=\"alignnone size-medium wp-image-16783\" \/><\/p>\n<p>\u3054\u89a7\u306e\u901a\u308a Chrome \u3068 Firefox \u3067\u5e7e\u3064\u304b\u7570\u306a\u308b\u7d50\u679c\u3068\u306a\u308a\u307e\u3057\u305f\u3002<br \/>\n\u3053\u306e\u7d50\u679c\u304b\u3089<\/p>\n<ul>\n<li>Chrome \u306f\u30ea\u30c0\u30a4\u30ec\u30af\u30bf\u306e Referrer-Policy \u306b\u5f93\u3046<br \/>\u203b \u30da\u30fc\u30b8\uff21\u306e Referrer-Policy \u304c <i>no-referrer<\/i> \u306e\u5834\u5408\u3001\u30ea\u30c0\u30a4\u30ec\u30af\u30bf\u306b HTTP Referer \u304c\u9001\u4fe1\u3055\u308c\u306a\u3044\u305f\u3081\u3001\u7d50\u679c\u3068\u3057\u3066\u30da\u30fc\u30b8\uff22\u306b\u3082 HTTP Referer \u306f\u9001\u4fe1\u3055\u308c\u307e\u305b\u3093\uff08\u30ea\u30c0\u30a4\u30ec\u30af\u30bf\u306e <i>unsafe-url<\/i> \u3092\u7121\u8996\u3057\u3066\u3044\u308b\u308f\u3051\u3067\u306f\u306a\u3044\uff09<\/li>\n<li>Firefox \u306f\u30ea\u30c0\u30a4\u30ec\u30af\u30bf\u306e Referrer-Policy \u3092\u7121\u8996\u3059\u308b<\/li>\n<\/ul>\n<p>\u3068\u3044\u3046\u5b9f\u88c5\u304c\u898b\u3066\u53d6\u308c\u307e\u3059\u3002<br \/>\n\u3067\u306f <a href=\"https:\/\/w3c.github.io\/webappsec-referrer-policy\/#set-requests-referrer-policy-on-redirect\" target=\"_blank\">Referrer-Policy + \u30ea\u30c0\u30a4\u30ec\u30af\u30c8<\/a> \u306b\u95a2\u3059\u308b\u4ed5\u69d8\u3092\u78ba\u8a8d\u3057\u3066\u307f\u307e\u3059\u3002<\/p>\n<blockquote><p>\n8.2. Set request\u2019s referrer policy on redirect<br \/>\nGiven a request request and a response actualResponse, this algorithm updates request\u2019s associated referrer policy according to the Referrer-Policy header (if any) in actualResponse.<\/p>\n<p>1. Let policy be the result of executing \u00a78.1 Parse a referrer policy from a Referrer-Policy header on actualResponse.<br \/>\n2. If policy is not the empty string, then set request\u2019s associated referrer policy to policy.\n<\/p><\/blockquote>\n<p>\u3064\u307e\u308a\u3001\u30ea\u30c0\u30a4\u30ec\u30af\u30bf\u306e Referrer-Policy \u306b\u5f93\u3046 Chrome \u306e\u52d5\u4f5c\u304c\u4ed5\u69d8\u901a\u308a\u3068\u3044\u3046\u3053\u3068\u306b\u306a\u308a\u307e\u3059\u3002<br \/>\n\u30de\u30fc\u30b1\u30c6\u30a3\u30f3\u30b0\u95a2\u9023\u30b5\u30fc\u30d3\u30b9\u3067\u3001\u9077\u79fb\u5148\u3067 HTTP Referer \u3092\u53c2\u7167\u3055\u305b\u305f\u3044\uff08ex. \u6d41\u5165\u8a08\u6e2c\uff09\u5834\u5408\u306b\u306f<\/p>\n<ul>\n<li>\u30ea\u30c0\u30a4\u30ec\u30af\u30bf\u3092 HTTPS \u5316<\/li>\n<li>\u30ea\u30c0\u30a4\u30ec\u30af\u30bf\u306e Referrer-Policy \u306b <i>unsafe-url<\/i> \u3092\u6307\u5b9a<\/li>\n<\/ul>\n<p>\u3059\u308b\u3053\u3068\u3067\u3001\u9077\u79fb\u5143\u30da\u30fc\u30b8\u306e HTTPS \u5316\u306e\u5f71\u97ff\u3092\u5c0f\u3055\u304f\u3059\u308b\u3053\u3068\u304c\u51fa\u6765\u305d\u3046\u3067\u3059\u3002<br \/>\n\u4ed6\u65b9\u3001\u79d8\u5bc6\u306b\u3057\u305f\u3044\u60c5\u5831\u304c URL \u306b\u542b\u307e\u308c\u308b\u5834\u5408\u306b\u306f\u3001\u9077\u79fb\u5143\u3067 Referrer-Policy \u306b <i>no-referrer<\/i> \u3092\u6307\u5b9a\u3059\u308b\u304b META \u8981\u7d20\u3082\u3057\u304f\u306f A \u8981\u7d20\u3067 HTTP Referer \u975e\u9001\u4fe1\u306e\u5c5e\u6027\u3092\u6307\u5b9a\u3092\u3059\u3079\u304d\u3067\u3059\u306d\u3002\u305d\u3046\u3059\u308b\u3053\u3068\u3067 HTTPS \/ HTTP \u306b\u3088\u3089\u305a\u30ea\u30c0\u30a4\u30ec\u30af\u30bf\u306b HTTP Referer \u306f\u9001\u4fe1\u3055\u308c\u307e\u305b\u3093\u306e\u3067\u3002<\/p>\n<h2>\u304a\u307e\u3051<\/h2>\n<p>\u30da\u30fc\u30b8\u9077\u79fb\u306e\u65b9\u6cd5\u306b\u7d30\u5de5\uff08\u4f8b\u3048\u3070 window.open() \u3092\u5229\u7528\u3059\u308b\u7b49\uff09\u3092\u7528\u3044\u308b\u3053\u3068\u3067 HTTP Referer \u306e\u6709\u7121\u304c\u5909\u5316\u3057\u307e\u3059\u304c\u3001\u6a5f\u4f1a\u304c\u3042\u308c\u3070\u305d\u3061\u3089\u306e\u5b9f\u9a13\u7d50\u679c\u3082\u3054\u7d39\u4ecb\u3057\u305f\u3044\u3068\u601d\u3044\u307e\u3059\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\uff08new photo \/ Shutterstock.com\uff09<\/p>\n<p>\u3053\u3093\u306b\u3061\u306f\u3001\u4e2d\u5c71\u3067\u3059\uff08\u5199\u771f\u306f \u2026 \u9069\u5f53\u306a\u3082\u306e\u304c\u3042\u308a\u307e\u305b\u3093\u3067\u3057\u305f\uff09\u3002<br \/>\n\u4e16\u306e\u4e2d\u306e Web \u30b5\u30a4\u30c8\u306e HTTPS \u5316\u304c \u30d5\u30a3\u30c3\u30b7\u30f3\u30b0\u30b5\u30a4\u30c8\u3082\u542b\u3081\u3066\uff08\u7b11\uff09 \u9032\u3093\u3067\u3044\u307e\u3059\u3002<br \/><a href=\"https:\/\/www.techscore.com\/blog\/2018\/02\/27\/referer\/\">\u7d9a\u304d\u3092\u8aad\u3080...<\/a><\/p>\n","protected":false},"author":19,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[18],"tags":[222,158,184],"_links":{"self":[{"href":"https:\/\/www.techscore.com\/blog\/wp-json\/wp\/v2\/posts\/16781"}],"collection":[{"href":"https:\/\/www.techscore.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.techscore.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.techscore.com\/blog\/wp-json\/wp\/v2\/users\/19"}],"replies":[{"embeddable":true,"href":"https:\/\/www.techscore.com\/blog\/wp-json\/wp\/v2\/comments?post=16781"}],"version-history":[{"count":20,"href":"https:\/\/www.techscore.com\/blog\/wp-json\/wp\/v2\/posts\/16781\/revisions"}],"predecessor-version":[{"id":16937,"href":"https:\/\/www.techscore.com\/blog\/wp-json\/wp\/v2\/posts\/16781\/revisions\/16937"}],"wp:attachment":[{"href":"https:\/\/www.techscore.com\/blog\/wp-json\/wp\/v2\/media?parent=16781"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.techscore.com\/blog\/wp-json\/wp\/v2\/categories?post=16781"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.techscore.com\/blog\/wp-json\/wp\/v2\/tags?post=16781"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}