GetAsync for fbcdn返回403禁止？

2018-07-03 16:56:26

注意：我已经改变了这个问题，试图让它更多地指出问题。 下面的评论不再反映这个问题。

我试图从fbcdn获取这个图像：

https://scontent.xx.fbcdn.net/v/t1.0-1/c15.0.50.50/p50x50/10354686_10150004552801856_220367501106153455_n.jpg?oh=6c801f82cd5a32fd6e5a4258ce00a314&oe=589AAD2F

浏览器得到它很好。这是我的代码：

public class ReverseProxyController : NancyModule
{
    public ReverseProxyController()
    {
        Get["/", true] = async (parameters, ct) =>
        {
            var result = await GetResult(parameters, ct);
            return result;
        };
    }

    private async Task<Response> GetResult(dynamic parameters, CancellationToken ct)
    {
        var client = new HttpClient();
        string url = Request.Query["url"].Value.ToString();
        if (url == null) return null;

        client.DefaultRequestHeaders.Add("Access-Control-Allow-Origin", "*");
        client.DefaultRequestHeaders.Add("User-Agent",
            "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36");
        client.DefaultRequestHeaders.Add("Upgrade-Insecure-Requests", "1");
        client.DefaultRequestHeaders.Add("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8");
        client.DefaultRequestHeaders.Add("Accept-Encoding", "gzip, deflate, sdch, br");
        client.DefaultRequestHeaders.Add("Accept-Language", "en-US,en;q=0.8,ru;q=0.6");
        var response = await client.GetAsync(url, ct);

        ct.ThrowIfCancellationRequested();


        switch (response.StatusCode)
        {
            case HttpStatusCode.OK:
                var stream = await response.Content.ReadAsStreamAsync();

                return Response.FromStream(stream, response.Content.Headers.ContentType != null
                    ? response.Content.Headers.ContentType.ToString()
                    : "application/octet-stream");

            default:
                return Response.AsText("nError " + response.StatusCode);
        }
    }
}

我每次都得到403禁止回复。我认为添加标题会使它工作，但不行。

此代码适用于其他主机上的其他图像，例如：

https://s-media-cache-ak0.pinimg.com/564x/ff/f0/c9/fff0c988a4516659d4009f60e0694cb6.jpg

问题在于从南希请求的URL检索，而不是使用HttpClient获取数据。

我假设你正在向南非发送请求，如：

HTTP：//本地主机/ URL = ...

因此对于Facebook来说，这将是：

HTTP：//本地主机/ URL = HTTPS：//scontent.xx.fbcdn.net/v/t1.0-1/c15.0.50.50/p50x50/10354686_10150004552801856_220367501106153455_n.jpg哦= 6c801f82cd5a32fd6e5a4258ce00a314＆OE = 589AAD2F

但是对于这个url string url = Request.Query["url"].Value.ToString(); 是不完整的，并且遗漏了最后一部分（＆oe = 589AAD2F），因此服务器对Forbidden进行响应。

在这里输入图像描述

以下是演示问题的简单更改：

private async Task<Response> GetResult(dynamic parameters, CancellationToken ct)
{
    var client = new HttpClient();
    var req = Request.Url.ToString();
    var queryStart = req.IndexOf("url=");
    if (queryStart == -1)
        return Nancy.HttpStatusCode.BadRequest;

    var url = req.Substring(queryStart + 4);
    if (string.IsNullOrEmpty(url))
        return Nancy.HttpStatusCode.BadRequest;

    client.DefaultRequestHeaders.Add("Access-Control-Allow-Origin", "*");
    client.DefaultRequestHeaders.Add("User-Agent",
        "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36");
    client.DefaultRequestHeaders.Add("Upgrade-Insecure-Requests", "1");
    client.DefaultRequestHeaders.Add("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8");
    client.DefaultRequestHeaders.Add("Accept-Encoding", "gzip, deflate, sdch, br");
    client.DefaultRequestHeaders.Add("Accept-Language", "en-US,en;q=0.8,ru;q=0.6");
    var response = await client.GetAsync(url, ct);

    ct.ThrowIfCancellationRequested();


    switch (response.StatusCode)
    {
        case System.Net.HttpStatusCode.OK:
            var stream = await response.Content.ReadAsStreamAsync();

            return Response.FromStream(stream, response.Content.Headers.ContentType != null
                ? response.Content.Headers.ContentType.ToString()
                : "application/octet-stream");

        default:
            return Response.AsText("nError " + response.StatusCode);
    }
}

解

我们实际上可以在发送URL之前对URL进行编码，Nancy会自动为我们解码URL，因此不需要更改任何服务器端的内容。

这是一个使用HttpUtility.UrlEncode生成的链接示例

https://scontent.xx.fbcdn.net/v/t1.0-1/c15.0.50.50/p50x50/10354686_10150004552801856_220367501106153455_n.jpg?oh=6c801f82cd5a32fd6e5a4258ce00a314&oe=589AAD2F

结果：

HTTPS％3A％2F％2fscontent.xx.fbcdn.net％2FV％2ft1.0-1％2fc15.0.50.50％2fp50x50％2f10354686_10150004552801856_220367501106153455_n.jpg％3foh％3d6c801f82cd5a32fd6e5a4258ce00a314％26oe％3d589AAD2F

并且对于这个特定链接的实际请求将是：

HTTP：//本地主机：9876 / URL = HTTPS％3A％2F％2fscontent.xx.fbcdn.net％2FV％2ft1.0-1％2fc15.0.50.50％2fp50x50％2f10354686_10150004552801856_220367501106153455_n.jpg％3foh％3d6c801f82cd5a32fd6e5a4258ce00a314％26oe ％3d589AAD2F

替代解决方案

在这种情况下，我个人更喜欢POST over GET，所以这里是：

public class ReverseProxyController : NancyModule
{
    class ProxyRequest
    {
        public string Url { get; set; }
    }

    public ReverseProxyController()
    {
        Post["/", true] = async (parameters, ct) =>
        {
            var result = await GetResult(parameters, ct);
            return result;
        };
    }

    private async Task<Response> GetResult(dynamic parameters, CancellationToken ct)
    {
        var pReq = this.Bind<ProxyRequest>();
        var url = pReq.Url;
        if (string.IsNullOrEmpty(url))
            return null;

        var client = new HttpClient();
        client.DefaultRequestHeaders.Add("Access-Control-Allow-Origin", "*");
        client.DefaultRequestHeaders.Add("User-Agent",
            "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36");
        client.DefaultRequestHeaders.Add("Upgrade-Insecure-Requests", "1");
        client.DefaultRequestHeaders.Add("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8");
        client.DefaultRequestHeaders.Add("Accept-Encoding", "gzip, deflate, sdch, br");
        client.DefaultRequestHeaders.Add("Accept-Language", "en-US,en;q=0.8,ru;q=0.6");
        var response = await client.GetAsync(url, ct);

        ct.ThrowIfCancellationRequested();


        switch (response.StatusCode)
        {
            case System.Net.HttpStatusCode.OK:
                var stream = await response.Content.ReadAsStreamAsync();

                return Response.FromStream(stream, response.Content.Headers.ContentType != null
                    ? response.Content.Headers.ContentType.ToString()
                    : "application/octet-stream");

            default:
                return Response.AsText("nError " + response.StatusCode);
        }
    }
}

作为控制台应用程序，您的代码工作正常

   static void Main(string[] args)
    {
        GetStuff();
        Console.ReadLine();
    }

    private static async void GetStuff()
    {
        CancellationToken ct = new CancellationToken();
        var client = new HttpClient();
        //this is only a Simple Change to demonstrate the problem, and should not be considered as a proper solution

        string url = "https://scontent.xx.fbcdn.net/v/t1.0-1/c15.0.50.50/p50x50/10354686_10150004552801856_220367501106153455_n.jpg?oh=6c801f82cd5a32fd6e5a4258ce00a314&oe=589AAD2F";
        if (url == null) return;

        client.DefaultRequestHeaders.Add("Access-Control-Allow-Origin", "*");
        client.DefaultRequestHeaders.Add("User-Agent",
            "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36");
        client.DefaultRequestHeaders.Add("Upgrade-Insecure-Requests", "1");
        client.DefaultRequestHeaders.Add("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8");
        client.DefaultRequestHeaders.Add("Accept-Encoding", "gzip, deflate, sdch, br");
        client.DefaultRequestHeaders.Add("Accept-Language", "en-US,en;q=0.8,ru;q=0.6");
        var response = await client.GetAsync(url, ct);

        ct.ThrowIfCancellationRequested();


        switch (response.StatusCode)
        {
            case System.Net.HttpStatusCode.OK:
                var stream = await response.Content.ReadAsStreamAsync();


                break;
            default:
                break;
        }
    }

我得到一个OK 200返回消息。它使用的其他图像可能需要登录信息吗？

链接地址: http://www.djcxy.com/p/93897.html

上一篇: GetAsync for fbcdn returns 403 forbidden?

下一篇: Passing a tab character as a command line argument in Java