1. 首页
  2. 问答
  3. IE11 - 失去了我的饼干:302从HTTP重定向到HTTPS

IE11 - 失去了我的饼干:302从HTTP重定向到HTTPS

2017-03-16 42 views
0

使用IE11我想提出一个GET请求到站点A:IE11 - 失去了我的饼干:302从HTTP重定向到HTTPS

GET http://www.test.com/?documentId=ef746317-7711-4458-8873-a73700fc1b85 HTTP/1.1 
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */* 
Accept-Language: en-US 
Accept-Encoding: gzip, deflate 
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729) 
Connection: Keep-Alive 
Host: www.test.com

我收到2块饼干重定向:

HTTP/1.1 302 Found 
Date: Wed, 15 Mar 2017 23:48:00 GMT 
Content-Type: text/html; charset=UTF-8 
Location: https://www.newSite.com/test/Edit/ef746317-7711-4458-8873-a73700fc1b85 
Set-Cookie: Auth=EAAAAIQfMoK32BNjBypXapcJppWc==; path=/; secure 
Set-Cookie: Auth=EAAAAN+xPT6eioV8LESTR6CViGIvc834gP==; path=/; secure 
Cache-Control: private, s-maxage=0 
Server: Microsoft-IIS/10.0 
X-AspNet-Version: 4.0.30319 
X-AspNetMvc-Version: 4.0 
X-Powered-By: ASP.NET 
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM" 
P3P: policyref="/w3c/p3p.xml", CP="IDC DSP COR IVAi IVDi OUR TST" 
Content-Length: 0

IE似乎会跟随重定向并执行GET,但正如您所看到的,不会返回Cookie:

GET https://www.newSite.com/test/Edit/ef746317-7711-4458-8873-a73700fc1b85 HTTP/1.1 
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */* 
Accept-Language: en-US 
Accept-Encoding: gzip, deflate 
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729) 
Connection: Keep-Alive 
Host: www.newSite.com

然后当然是401:

HTTP/1.1 401 Unauthorized 
Content-Type: text/html 
Server: Microsoft-IIS/10.0 
X-Powered-By: ASP.NET 
Date: Wed, 15 Mar 2017 23:48:00 GMT 
Content-Length: 1293 
<HTML>Blah blah blah access denied error</HTML>

我尝试添加的P3P头,迫使IE浏览器发送的cookie的重定向,但没有骰子。我已经阅读过,从HTTP到HTTPS的重定向时,IE发送cookie的问题可能存在问题,或者由于“HTTP”安全Cookie正在被HTTP发送回浏览器,而HTTP重定向到不同的域和扼流圈。我无法改变网站,因为它们是供应商,但我可以通过我正在开发的接口中间件将302改回IE11。任何想法,我怎么可以欺骗/迫使IE浏览器重新发送这些cookies?

更新1:我试过Firefox 52,IE11和Chrome。没有浏览器正在接受302并发送返回的cookie。那里的人必须了解如何使用cookie重定向。没有任何回应让我怀疑这个网站是否会覆盖到合适的人群。

来源

2017-03-16 gt46l

回答

0

我绕着我的问题解决了一些问题。由于浏览器不会将cookie转发回302重定向,我只是发回一个小贴子来为我发帖,而不是我的界面软件。

<!DOCTYPE html> 
<html> 
<head> 
<title>Redirect</title> 
</head> 
<body> 
<form action="https://testAPI.test.com/" method="POST"> 
<input name="UserName" value="Test APIUser"/> 
<input name="UserEmail" value="[email protected]"/> 
<input name="PatientId" value="1d11eb2e-2606-485e-ad5d-a70c00daa37a"/> 
<input name="Timestamp" value="Mon, 20 Mar 2017 19:11:24 GMT"/> 
84c6-a7210111648b"/> 
<input name="Token" value="MRVp/pBRBJ08F8cYMavfL8 ="/> 
</form> 
<script language="javascript"> window.setTimeout('document.forms[0].submit()', 0);</script> 
</body> 
</html>

来源

2017-03-23 19:07:28 gt46l

相关问题

 相关问题