1. 首頁
  2. 問答
  3. IE11 - 失去了我的餅乾:302從HTTP重定向到HTTPS

IE11 - 失去了我的餅乾:302從HTTP重定向到HTTPS

2017-03-16 43 views
0

使用IE11我想提出一個GET請求到站點A:IE11 - 失去了我的餅乾:302從HTTP重定向到HTTPS

GET http://www.test.com/?documentId=ef746317-7711-4458-8873-a73700fc1b85 HTTP/1.1 
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */* 
Accept-Language: en-US 
Accept-Encoding: gzip, deflate 
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729) 
Connection: Keep-Alive 
Host: www.test.com

我收到2塊餅乾重定向:

HTTP/1.1 302 Found 
Date: Wed, 15 Mar 2017 23:48:00 GMT 
Content-Type: text/html; charset=UTF-8 
Location: https://www.newSite.com/test/Edit/ef746317-7711-4458-8873-a73700fc1b85 
Set-Cookie: Auth=EAAAAIQfMoK32BNjBypXapcJppWc==; path=/; secure 
Set-Cookie: Auth=EAAAAN+xPT6eioV8LESTR6CViGIvc834gP==; path=/; secure 
Cache-Control: private, s-maxage=0 
Server: Microsoft-IIS/10.0 
X-AspNet-Version: 4.0.30319 
X-AspNetMvc-Version: 4.0 
X-Powered-By: ASP.NET 
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM" 
P3P: policyref="/w3c/p3p.xml", CP="IDC DSP COR IVAi IVDi OUR TST" 
Content-Length: 0

IE似乎會跟隨重定向並執行GET,但正如您所看到的,不會返回Cookie:

GET https://www.newSite.com/test/Edit/ef746317-7711-4458-8873-a73700fc1b85 HTTP/1.1 
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */* 
Accept-Language: en-US 
Accept-Encoding: gzip, deflate 
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729) 
Connection: Keep-Alive 
Host: www.newSite.com

然後當然是401:

HTTP/1.1 401 Unauthorized 
Content-Type: text/html 
Server: Microsoft-IIS/10.0 
X-Powered-By: ASP.NET 
Date: Wed, 15 Mar 2017 23:48:00 GMT 
Content-Length: 1293 
<HTML>Blah blah blah access denied error</HTML>

我嘗試添加的P3P頭,迫使IE瀏覽器發送的cookie的重定向,但沒有骰子。我已經閱讀過,從HTTP到HTTPS的重定向時,IE發送cookie的問題可能存在問題,或者由於「HTTP」安全Cookie正在被HTTP發送回瀏覽器,而HTTP重定向到不同的域和扼流圈。我無法改變網站,因爲它們是供應商,但我可以通過我正在開發的接口中間件將302改回IE11。任何想法,我怎麼可以欺騙/迫使IE瀏覽器重新發送這些cookies?

更新1:我試過Firefox 52,IE11和Chrome。沒有瀏覽器正在接受302併發送返回的cookie。那裏的人必須瞭解如何使用cookie重定向。沒有任何迴應讓我懷疑這個網站是否會覆蓋到合適的人羣。

來源

2017-03-16 gt46l

回答

0

我繞着我的問題解決了一些問題。由於瀏覽器不會將cookie轉發回302重定向,我只是發回一個小貼子來爲我發帖,而不是我的界面軟件。

<!DOCTYPE html> 
<html> 
<head> 
<title>Redirect</title> 
</head> 
<body> 
<form action="https://testAPI.test.com/" method="POST"> 
<input name="UserName" value="Test APIUser"/> 
<input name="UserEmail" value="[email protected]"/> 
<input name="PatientId" value="1d11eb2e-2606-485e-ad5d-a70c00daa37a"/> 
<input name="Timestamp" value="Mon, 20 Mar 2017 19:11:24 GMT"/> 
84c6-a7210111648b"/> 
<input name="Token" value="MRVp/pBRBJ08F8cYMavfL8 ="/> 
</form> 
<script language="javascript"> window.setTimeout('document.forms[0].submit()', 0);</script> 
</body> 
</html>

來源

2017-03-23 19:07:28 gt46l

相關問題

 相關問題