Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

新写的贴子,阅读量都是大的数,不蒜子和最新的chrome不兼容。 #136

Closed
3 tasks done
aixiu opened this issue Nov 10, 2020 · 6 comments
Closed
3 tasks done

新写的贴子,阅读量都是大的数,不蒜子和最新的chrome不兼容。 #136

aixiu opened this issue Nov 10, 2020 · 6 comments
Labels
Feature Request New feature or request Solved 🔌 3rd Party Plugin

Comments

@aixiu
Copy link

aixiu commented Nov 10, 2020
edited by stevenjoezhang
Loading

Please follow this Issue template to provide relevant information, such as source code repository, website URL and screenshots, which will help us investigate.
请按照此 Issue 模版提供相关信息,例如源码仓库、网站链接和屏幕截图,这将有助于我们进行调查。

Issue Checklist

  • I am using NexT version 8.0 or later.
  • I have already read the relevant documents of Hexo and NexT.
  • I have already searched for current issues, which does not help me.

Other Information

新写的贴子,阅读量都是
image
有的甚至更大,高达几十万。肯定不正常。
详情请见:
文章分析一
文章分析二
原因
出现这个原因,和 Chrome 85 版本 Referrer Policy 更改有关。什么是 Referrer,简单理解,就是请求 Web 服务器时,可以在 HTTP Request 的请求头 (header) 中加上当前页面的 URL,例如我们在浏览某个博客页面,需要加载一些图片,从服务器请求这些图片时,referrer 就是当前的博客页面 URL。从这里也可以看出,referrer 可能会暴露请求来源的某些信息或者隐私,有一定的隐私或安全风险。之前版本的 Chrome 浏览器,如果网站没有指定自己的 Referrer Policy,那么 Chrome 默认 policy 是 no-referrer-when-downgrade,在 Chrome 85 版本中,为了保护用户的隐私,默认的 Referrer Policy 则变成了 strict-origin-when-cross-origin。

不过这到底是什么意思?Referrer Policy 用来控制当前网站请求目标网站时, referer 这个字段发送的具体信息,如果 Referrer Policy 为:

no-referrer-when-downgrade: 当两个网站的 http 协议安全等级相当,或者目的网站安全协议等级高于当前网站(HTTP –> HTTP, HTTPS –> HTTPS, HTTP –> HTTPS), referer 将会包含源网站的域名,路径,查询字符串;如果目的网站安全协议等级低于源网站 (HTTPS –> HTTP),将不会发送这些信息。
strict-origin-when-cross-origin: 只有当做同一域名请求时 (源网址和目标网址是同一域名),才发送域名,路径和请求字符串,当两个网站安全协议相当时,发送源网站的域名(没有具体路径信息和查询字符串),如果目标网站安全协议等级低于源网站,不发送 header 信息。
卜算子统计博客文章访问量就是通过 referer 来计算的,通过上面的分析,如果 Referrer Policy 是 strict-origin-when-cross-origin,卜算子接收到的只有博客的域名,没有文章的具体路径,所以具体某个文章的 PV 统计会出现错误。例如 这篇文章,发送给卜算子的 referer 只是 https://jdhao.github.io。

所以,要想正确统计博客每篇文章的 PV,可以把 Referrer Policy 设置为 no-referrer-when-downgrade。

Hexo Next修改办法:
X:\Blog\themes\next\layout_third-party\statistics\busuanzi-counter.njk

{%- if theme.busuanzi_count.enable %}
  <script async src="//busuanzi.ibruce.info/busuanzi/2.3/busuanzi.pure.mini.js"></script>  
{%- endif %}

修改为:

{%- if theme.busuanzi_count.enable %}
  <script async src="https://cdn.jsdelivr.net/gh/YinAoXiong/busuanzi@2.3.0/busuanzi.pure.mini.js"></script>
{%- endif %}

然后重新生成 Hexo clean & hexo g 博客即可。
@issue-label-bot
Copy link

Issue-Label Bot is automatically applying the label Feature Request to this issue, with a confidence of 0.65. Please mark this comment with 👍 or 👎 to give our bot feedback!

Links: app homepage, dashboard and code for this bot.

@issue-label-bot issue-label-bot bot added the Feature Request New feature or request label Nov 10, 2020
@stevenjoezhang
Copy link
Member

stevenjoezhang commented Nov 10, 2020
edited
Loading

然而并不是所有浏览器都尊重meta name="referrer",例如 Safari。最好的解决方案是建议不蒜子的开发者修改请求方式。

参考 privacycg/proposals#13

@aixiu
Copy link
Author

aixiu commented Nov 10, 2020

@stevenjoezhang 那我就只能临时改动一下了。感谢回复。

@aixiu aixiu closed this as completed Nov 10, 2020
@stevenjoezhang
Copy link
Member

我记得不蒜子是有个QQ群的,可以去反馈一下。

@stevenjoezhang stevenjoezhang mentioned this issue Nov 19, 2020
Closed
3 tasks
@stevenjoezhang
Copy link
Member

stevenjoezhang commented Nov 23, 2020
edited
Loading

出现这个原因,和 Chrome 85 版本 Referrer Policy 更改有关。

经确认,这并不是问题的全部原因。更关键的问题是 referrerPolicy 修正了拼写,导致不蒜子脚本中的 refererPolicy 无效,请等待开发者修复。我已于今年 8 月和 11 月两次在不蒜子 QQ 群中反馈这一问题,截至目前为止均未得到正面回复。

更新:问题已于 11 月 23 日修复。感谢作者buru大神!

- scriptTag.refererPolicy="no-referrer-when-downgrade"
+ scriptTag.referrerPolicy="no-referrer-when-downgrade"

另见 fluid-dev/hexo-theme-fluid#376

@github-actions
Copy link

This thread has been automatically locked since there has not been any recent activity after it was closed. It is possible issue was solved or at least outdated. Feel free to open new for related bugs.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Dec 10, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Feature Request New feature or request Solved 🔌 3rd Party Plugin
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@aixiu @stevenjoezhang