Home >WeChat Applet >WeChat Development >Summary of the problem of missing Referer (WeChat H5 payment)
Recently, the company has applied for WeChat’s H5 payment. The relevant payment documents can be found here https://pay.weixin.qq.com/wiki/doc/api/H5.php?chapter=15_4. Payment has been initiated after the release. Error The merchant parameter format is wrong, please contact the merchant to solve it
According to the official WeChat document, the error message should be referer
. So after locating it, I found that referer
is lost. Record the problem-solving process.
HTTP Referer is part of the HTTP
request header
header information when the browser sends it to the web server When making a request, I usually bring Referer
to tell the server which page I am linking from, so that the server can obtain some information for processing.
For example, under the console of the Chrome
browser, we can see information similar to the following under Request Headers
Provisional headers are shown Accept: / Origin: local.test5.show Referer: local.test5.show/test/show User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36
where Referer
is this attribute. The correct English spelling of
Referer is referrer. Due to spelling errors in the early HTTP specifications, it was a mistake to maintain backward compatibility
For example, if you find that you are loading your own resources and the referer is not your own site, you can block it
This is the same as above
For example, WeChat H5 payment also requires this, I don’t know what they do (hhh
Regarding the problem of Referer
being lost, first of all, the referer is sent to the server by the client's browser, and can be obtained on the client through document.referrer
, which means that the referer is actually sent It is a browser behavior, and the decision of whether to send it or not is in the hands of the browser. Although this is said, the HTTP protocol has strict regulations on the circumstances under which the browser should send it and under what circumstances it should not send it.
1. When a website uses the refresh field to jump, most browsers do not send referer
2 .When a user clicks a link from an HTTPS website to another HTTP website, the referer
is not sent. In 3.html5, the rel = "noreferrer" of the a tag allows the browser not to send the referer
4. If you use the Data URI scheme link, the browser will not send the referer
5. Using Content Security Policy, you can also prevent the browser from sending the referer
6. In html Use the meta tag in the header to control not allowing the browser to send referer
Sometimes it is necessary to generate some URL links in the API project Return but the server has been configured to support HTTPS, and the URL generated when accessing through HTTPS is still HTTP
Regarding this problem, it is actually the server configuration The problem is similar to the following
Returning to the WeChat payment problem I encountered, after tracking a circle of browser jumps, I found that the property was in the second case, jumping from the HTTPS site to the HTTP site, and the Referer was lost. [ps: The other way around, from HTTP to HTTPS, is no problem. Referer will be lost] It is hidden deep in the middle
Of course I didn't notice this problem at first because there was no problem from the front-end request to the API. All projects have deployed HTTPS across the board, and the Referer information is also carried. Then to the last step of WeChat The Referer was lost when requesting the payment URL.
Later I found that when requesting the API project, the API project returned a URL to the front end. This URL was generated by the back-end code according to the rules (action auxiliary in Laravel Function) There is nothing wrong with this function itself, but the generated URL link is HTTP, causing trouble again! ! !
The API project is configured with an HTTPS request but the generated URL is HTTP. The problem is here. I asked the operation and maintenance brother for assistance and finally found out that it was a problem configured in the Nginx reverse proxy.
nginx server configuration fragment is as follows :
location / { proxy_pass http://114.114.114.114:80; }
You can see that the proxy_pass parameter points to the HTTP protocol, so the URLs obtained in the background are all HTTP protocols.
Set the proxy to https://114.114. 114.114:443;
The problem will be solved
Recommended: "WeChat Development Tutorial"
The above is the detailed content of Summary of the problem of missing Referer (WeChat H5 payment). For more information, please follow other related articles on the PHP Chinese website!