Why can some APIs be accessed from a web page but not when simulated with Postman?

2020-12-10 10:01:18 +08:00
 Dalaran

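For example: on the Alibaba Cloud page https://market.aliyun.com/qidian/search/%E9%98%BF%E9%87%8C%E4%BA%91?type=company, looking at the XHR requests shows this endpoint, https://holmes.taobao.com/web/corp/customer/searchWithSummary, and I can see the response content, but when I set the corresponding parameters in Postman nothing is returned.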

General

Request URL: https://holmes.taobao.com/web/corp/customer/searchWithSummary
Request Method: POST
Status Code: 200 
Remote Address: 203.119.144.58:443
Referrer Policy: strict-origin-when-cross-origin

Response Header

access-control-allow-credentials: true
access-control-allow-origin: https://market.aliyun.com
content-encoding: gzip
content-type: application/json;charset=utf-8
date: Thu, 10 Dec 2020 01:45:55 GMT
eagleeye-traceid: 0b52190b16075647557863132e3d8b
expires: Thu, 01 Jan 1970 00:00:00 GMT
server: Tengine/Aserver
set-cookie: XSRF-TOKEN=22f5407e-1fac-4d3f-a049-43786b11f7ce;Path=/;HttpOnly
strict-transport-security: max-age=31536000 ; includeSubDomains
strict-transport-security: max-age=0
timing-allow-origin: *
vary: Accept-Encoding
vary: Origin
x-application-context: bi-eris:production:7001
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block

Request Header

:authority: holmes.taobao.com
:method: POST
:path: /web/corp/customer/searchWithSummary
:scheme: https
accept: application/json, text/plain
accept-encoding: gzip, deflate, br
accept-language: en,zh-CN;q=0.9,zh;q=0.8
cache-control: no-cache
content-length: 64
content-type: application/json
cookie: cna=fJgYEh6gUUYCAXrp5q9LmIm7; enc=fbIfqJOvfFt9vT4kODgzJBjdWPNtvqaBiho3fdllerYXKWCGJYyPPqAoEgHUm6i%2BIIUvgEQNGvjc94wgPa32Lw%3D%3D; t=5f19037a79e51611f3d5ecf6ba8a56a1; _m_h5_tk=bd0df265e4e26a46dccd0914ef1afba5_1607513346822; _m_h5_tk_enc=beb44b49f7ed129f1458d0a80ea96a25
origin: https://market.aliyun.com
pragma: no-cache
referer: https://market.aliyun.com/
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
user-agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36

Request Payload

{pageNo: 1, pageSize: 10, keyword: "阿里云", orderByType: 5}
keyword: "阿里云"
orderByType: 5
pageNo: 1
pageSize: 10
3174 clicks
Node: Programmers
8 replies
anjianshi
2020-12-10 10:03:54 +08:00
Anything the web page can fetch, Postman can definitely fetch too.

- url
- header
- body

One of these must be different from what the web page sends.
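
Added example, not part of the thread or of any poster's code: a small Python helper that parses headers copied from the DevTools pane and reports which of URL, headers and body differ between the browser request and a replayed one. The function names and the sample values (placeholders for cookie and user-agent, the replay headers) are constructed for illustration.

```python
import json

# Headers the HTTP client computes itself; differences there are expected noise.
TRANSPORT = {"content-length", "accept-encoding", "connection", "host"}

def parse_devtools_headers(text):
    """Parse 'name: value' lines as copied from the DevTools Headers pane."""
    headers = {}
    for line in text.splitlines():
        line = line.strip()
        idx = line.find(":", 1)  # start at 1: HTTP/2 pseudo-headers begin with ':'
        if idx > 0:
            headers[line[:idx].lower()] = line[idx + 1:].strip()
    return headers

def diff_requests(browser, replay):
    """Compare two requests ({'url', 'headers', 'body'}); return (field, browser, replay)."""
    findings = []
    if browser["url"] != replay["url"]:
        findings.append(("url", browser["url"], replay["url"]))
    b, r = browser["headers"], replay["headers"]
    for name in sorted(set(b) | set(r)):
        if name in TRANSPORT or name.startswith(":"):
            continue  # pseudo-headers are derived from the URL and method
        if b.get(name) != r.get(name):
            findings.append(("header " + name, b.get(name), r.get(name)))
    # Compare JSON bodies structurally so key order and spacing do not count.
    if json.loads(browser["body"]) != json.loads(replay["body"]):
        findings.append(("body", browser["body"], replay["body"]))
    return findings

URL = "https://holmes.taobao.com/web/corp/customer/searchWithSummary"
# Constructed sample: header names follow the capture in the post, values are placeholders.
BROWSER = {"url": URL, "body": '{"pageNo": 1, "pageSize": 10, "keyword": "阿里云", "orderByType": 5}',
           "headers": parse_devtools_headers("""
               :authority: holmes.taobao.com
               accept: application/json, text/plain
               content-type: application/json
               cookie: <cookie-placeholder>
               origin: https://market.aliyun.com
               user-agent: <browser-user-agent>""")}
# Constructed sample: a hand-built replay that dropped some browser headers.
REPLAY = {"url": URL, "body": '{"keyword": "阿里云", "orderByType": 5, "pageNo": 1, "pageSize": 10}',
          "headers": parse_devtools_headers("""
              accept: */*
              content-type: application/json
              user-agent: <replay-tool-user-agent>""")}

if __name__ == "__main__":
    for field, in_browser, in_replay in diff_requests(BROWSER, REPLAY):
        print(f"{field}: browser={in_browser!r} replay={in_replay!r}")
```
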
Kasumi20
2020-12-10 10:05:37 +08:00
user-agent
Jackeriss
2020-12-10 10:07:02 +08:00
It might be encrypted based on a timestamp.
zywz999
2020-12-10 10:22:39 +08:00
Dalaran
2020-12-10 10:25:48 +08:00
@zywz999 Could I have a look at the request headers and body? [facepalm]
matrix67
2020-12-10 10:26:40 +08:00
Export as curl from F12 on the web page,
then import the curl into Postman.
zywz999
2020-12-10 10:30:05 +08:00
@Dalaran #5 Here's a little trick: right-click the request, copy => copy as curl(bash), and it can be imported directly into Postman.
Dalaran
2020-12-10 10:37:23 +08:00
@matrix67
@zywz999
Learned something, thanks!


https://www.v2ex.com/t/733998
