服务端通常是根据请求头(headers)中的 Content-Type 字段来获知请求中的消息主体是用何种方式编码,再对主体进行解析。
常见的post提交数据类型有四种:application/json、application/x-www-form-urlencoded、multipart/form-data、text/XXX(XXX有plain/xml/html等)
一、默认post数据类型:application/x-www-form-urlencoded
这应该是最常见的 POST 提交数据的方式了。浏览器的原生form表单,如果不设置 enctype属性,那么最终就会以application/x-www-form-urlencoded方式提交数据。
比如对discuz论坛登录进行抓包,得到了如下数据:
Host: www.discuz.net
Connection: keep-alive
Content-Length: 232
Cache-Control: max-age=0
Origin: https://www.discuz.net
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Sec-Fetch-User: ?1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: nested-navigate
Referer: https://www.discuz.net/member.php?mod=logging&action=login
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Cookie: t7asq_4ad6_saltkey=ij9yIq2l; t7asq_4ad6_lastvisit=1576495060; _ga=GA1.2.1256802490.1576498661; t7asq_4ad6_sendmail=1; t7asq_4ad6_seccode=3232139.6cfe593ca4fd5e5559; _gid=GA1.2.697221757.1576915263; _gat_gtag_UA_150716312_1=1; t7asq_4ad6_lastact=1576915298%09misc.php%09seccode
formhash=86da67b7&referer=https%3A%2F%2Fwww.discuz.net%2F.%2F&loginfield=username&username=%C3%C6%C9%A7%B5%C4%C7%E0%B4%BA&password=mima123456&questionid=0&answer=&seccodehash=cS&seccodemodid=member%3A%3Alogging&seccodeverify=eref
其中的Content-Type: application/x-www-form-urlencoded就是它要提交的数据类型,这种类型是可以用表单显示的
x-www-form-urlencoded
二、Content-Type: application/json
这个类型一般用来发送json类型的数据,以携程登录抓包为例:
Host: passport.ctrip.com
Connection: keep-alive
Content-Length: 1000
Accept: application/json, text/javascript, */*; q=0.01
Origin: https://passport.ctrip.com
X-Requested-With: XMLHttpRequest
contentType: application/json; charset=utf-8
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Content-Type: application/json; charset=UTF-8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Referer: https://passport.ctrip.com/user/login
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Cookie: _abtest_userid=c16940eb-5fb7-430c-867f-a5a0a41dfda2; _ga=GA1.2.2144046793.1576916784; _gid=GA1.2.229480335.1576916784; Union=OUID=index&AllianceID=4897&SID=737673&SourceID=&createtime=1576916784&Expires=1577521583810; _jzqco=%7C%7C%7C%7C%7C1.1293683187.1576916783875.1576916783875.1576916783876.1576916783875.1576916783876.0.0.0.1.1; MKT_CKID=1576916783878.h4mg3.5a2h; MKT_CKID_LMT=1576916783879; __zpspc=9.1.1576916783.1576916783.1%232%7Csp0.baidu.com%7C%7C%7C%25E6%2590%25BA%25E7%25A8%258B%25E6%25B3%25A8%25E5%2586%258C%7C%23; MKT_Pagesource=PC; _RF1=27.158.221.82; _RSG=oAq08u5f4b9SUGyEKInj_8; _RDG=28f604118bfcc628971f9125921716c9bb; _RGUID=9944a45e-0803-42b2-8fed-c5250ef1079c; _bfa=1.1576916780738.3fn399.1.1576916780738.1576916780738.1.3; _bfs=1.3; _bfi=p1%3D10320670296%26p2%3D10320670296%26v1%3D3%26v2%3D2
{"AccountHead":{"Token":"p01a620a582de4f25aaca9cbe4df19027d687383f3def","SliderVersion":"2.5.33","Platform":"P","Extension":{}},"Data":{"accessCode":"7434E3DDCFF0EDA8","strategyCode":"63A70EA9BB38F5D","userName":"123456789","certificateCode":"123456789","extendedProperties":[{"key":"LoginName","value":"123456789"},{"key":"Platform","value":"P"},{"key":"PageId","value":"10320670296"},{"key":"URL","value":"https://passport.ctrip.com/user/login"},{"key":"http_referer","value":""},{"key":"rmsToken","value":"fp=dj4tvn-po8lao-hjffh1&vid=1576916780738.3fn399&pageId=10320670296&r=9944a45e080342b28fedc5250ef1079c&ip=27.158.221.82&rg=fin&kpData=0_0_0&kpControl=0_0_0-0_0_0&kpEmp=0_0_0_0_928_9_0_0_0_0-0_0_0_0_1658_9_0_0_0_0-0_0_0_0_0_0_0_0_0_0&screen=1440x900&tz=+8&blang=zh-CN&oslang=zh-CN&ua=Mozilla%2F5.0%20(Windows%20NT%206.1%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F79.0.3945.88%20Safari%2F537.36&d=passport.ctrip.com&v=22&kpg=0_0_0_0_4480_18_0_0_0_0"}]}}
我们可以从第9行看到提交的数据类型是Content-Type: application/json; charset=UTF-8,这种类型,消息主体是序列化后的 JSON 字符串,以json方式查看,可以从下图的树型结构清楚的看到它的各种值
application/json
三、Content-Type: multipart/form-data
此类型一般用来发送文件(如音频、视频、图片、其它文件等),我们使用表单上传文件时,必须让form表单的enctype等于multipart/form-data。我们以免费图床TU260示例(一下仅是部分):
multipart/form-data; boundary=----WebKitFormBoundarywcr9VVOS9Geq5AaH
从图片中可以看到,提交的类型是
Content-Type: multipart/form-data; boundary=----WebKitFormBoundarywcr9VVOS9Geq5AaH,其中boundary字段的作用是用于分割不同的字段,为了避免与正文内容重复,它的值是----WebKitFormBoundarywcr9VVOS9Geq5AaH是随机生成的。
四、text/XXX
这种是数据以纯文本形式进行编码,其中不含任何控件或格式字符。懒得多介绍。
常见的有text/xml、text/css、text/html、text/plain。