使用IE11我想提出一個GET請求到站點A:IE11 - 失去了我的餅乾:302從HTTP重定向到HTTPS
GET http://www.test.com/?documentId=ef746317-7711-4458-8873-a73700fc1b85 HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729)
Connection: Keep-Alive
Host: www.test.com
我收到2塊餅乾重定向:
HTTP/1.1 302 Found
Date: Wed, 15 Mar 2017 23:48:00 GMT
Content-Type: text/html; charset=UTF-8
Location: https://www.newSite.com/test/Edit/ef746317-7711-4458-8873-a73700fc1b85
Set-Cookie: Auth=EAAAAIQfMoK32BNjBypXapcJppWc==; path=/; secure
Set-Cookie: Auth=EAAAAN+xPT6eioV8LESTR6CViGIvc834gP==; path=/; secure
Cache-Control: private, s-maxage=0
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-AspNetMvc-Version: 4.0
X-Powered-By: ASP.NET
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
P3P: policyref="/w3c/p3p.xml", CP="IDC DSP COR IVAi IVDi OUR TST"
Content-Length: 0
IE似乎會跟隨重定向並執行GET,但正如您所看到的,不會返回Cookie:
GET https://www.newSite.com/test/Edit/ef746317-7711-4458-8873-a73700fc1b85 HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729)
Connection: Keep-Alive
Host: www.newSite.com
然後當然是401:
HTTP/1.1 401 Unauthorized
Content-Type: text/html
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Wed, 15 Mar 2017 23:48:00 GMT
Content-Length: 1293
<HTML>Blah blah blah access denied error</HTML>
我嘗試添加的P3P頭,迫使IE瀏覽器發送的cookie的重定向,但沒有骰子。我已經閱讀過,從HTTP到HTTPS的重定向時,IE發送cookie的問題可能存在問題,或者由於「HTTP」安全Cookie正在被HTTP發送回瀏覽器,而HTTP重定向到不同的域和扼流圈。我無法改變網站,因爲它們是供應商,但我可以通過我正在開發的接口中間件將302改回IE11。任何想法,我怎麼可以欺騙/迫使IE瀏覽器重新發送這些cookies?
更新1:我試過Firefox 52,IE11和Chrome。沒有瀏覽器正在接受302併發送返回的cookie。那裏的人必須瞭解如何使用cookie重定向。沒有任何迴應讓我懷疑這個網站是否會覆蓋到合適的人羣。