Internet Explorer:SCRIPT7002:XMLHttpRequest:网络错误0x2f7d，由于错误00002f7d而无法完成操作 [英] Internet Explorer: SCRIPT7002: XMLHttpRequest: Network Error 0x2f7d, Could not complete the operation due to error 00002f7d

问题描述

这个问题使我发疯.我们的Web应用程序使用HTTP POST登录用户，现在IE 10正在中止连接并说:

This problem is driving me nuts. Our web app uses HTTP POST to login users and now IE 10 is aborting the connection and saying:

SCRIPT7002: XMLHttpRequest: Network Error 0x2f7d, Could not complete the operation due to error 00002f7d.

这是我所有的详细信息

• IE版本10.0.9.16618，更新版本10.0.6.我还在IE版本10.0.9200.16635，更新版本10.0.7中复制了此代码.
• 该域正在使用HTTPS. HTTP连接上不会出现该问题
• 我已经读到，出于某种原因，IE在执行HTTP POST之前需要获得证书，因此我在POST请求之前运行了HTTP GET，但是现在GET出错了.请参阅网络流屏幕截图. GET非常简单，只有一个PING页面返回我起来了".
• 关闭了Asyn $ .ajax({type:'POST'，url:url，async:false ...});我在其他帖子中读到过这很重要.
• 证书很好，请看屏幕截图.
• 如果将站点添加为受信任的站点"，问题就消失了，但这并不是我们要争取的用户体验.
• 这大约是一个月前开始的.微软最近发布了一些新更新吗?
• 我已经阅读:

• IE version 10.0.9.16618, update version 10.0.6. I've also reproduced this on IE version 10.0.9200.16635, update version 10.0.7.
• The domain is using HTTPS. The problem doesn't occur on HTTP connections
• I've read that for some reason IE needs to get a certificate before it can do an HTTP POST, so I have HTTP GETs running before my POST request, but now the GET is erroring out. See network flow screen shot. The GET is super simple, just a PING page that returns "I'm up."
• Asyn is turned off $.ajax({type: 'POST',url: url,async: false...}); I've read in other posts that this matters.
• The certificate is good, see screen shot.
• The problem goes away if the site is added as a "trusted site" but that's not really the user experience we're shooting for.
• This just started about a month ago. Did Microsoft push some new updates recently?
• I've already read: http://social.msdn.microsoft.com/Forums/windowsapps/en-US/dd5d2762-7643-420e-880a-9bf75554e383/intermittent-xmlhttprequest-network-error-0x2f7d-could-not-complete-the-operation-due-to-error. It doesn't help.

屏幕截图:

网络流:

证书很好:

任何帮助将不胜感激.我花了很多时间没有运气.如您所料，这在Chrome和Firefox中可以正常工作.如果您需要更多有关发生的事情的详细信息，请告诉我.

Any help is greatly appreciated. I've spent a lot of hours on this with no luck. As you would expect this works fine in Chrome and Firefox. If you need any more detail about what's happening please let me know.

谢谢

推荐答案

证书吊销检查可能会阻止初始JSON POST，但允许在GET回调之后进行后续请求

Certificate revocation checks may block the initial JSON POST, but allow subsequent requests after the GET callback

我们最近确定忽略证书吊销检查失败的URLMon代码(Win8，Win7，甚至更早)不适用于内容上载(例如HTTP POST).因此，如果证书吊销检查失败，则对上载是致命的(例如IE将显示无法显示页面"错误消息；其他客户端将显示其他错误).然而，这在现实世界中很少有问题，因为在大多数情况下，用户首先从目标HTTPS站点执行下载(HTTP GET)，结果服务器的证书将被缓存为忽略撤销检查失败".在整个过程的生命周期内免除，因此后续的POST将继承该标志并成功.如果当前流程中对HTTPS站点的第一个请求是上传(例如，在跨域POST请求中)，则上传失败.

We recently determined that URLMon's code (Win8, Win7, and probably earlier) to ignore certificate revocation check failures is not applied for content uploads (e.g. HTTP POST). Hence, if a Certificate Revocation check fails, that is fatal to the upload (e.g. IE will show a Page Cannot Be Displayed error message; other clients would show a different error). However, this rarely matters in the real world because in most cases, the user first performs a download (HTTP GET) from the target HTTPS site, and as a result the server's certificate is cached with the "ignore revocation check failures" exemption for the lifetime of the process and thus a subsequent POST inherits that flag and succeeds. The upload fails if the very first request to the HTTPS site in the current process was for an upload (e.g. as in a cross-origin POST request).

这是它的工作方式:

一些背景知识:当Web浏览器启动与Web服务器的HTTPS握手时，该服务器立即发送数字证书.服务器的主机名在数字证书中列出，浏览器将其与尝试访问的主机名进行比较.如果这些主机名不匹配，则浏览器将引发错误.

A little background: When a web browser initiates a HTTPS handshake with a web server, the server immediately sends down a digital certificate. The hostname of the server is listed inside the digital certificate, and the browser compares it to the hostname it was attempting to reach. If these hostnames do not match, the browser raises an error.

如果将单个IP配置为承载多个站点(有时称为虚拟主机")，则匹配主机名要求会导致问题.通常，虚拟主机服务器检查HTTP主机请求标头以确定要返回的HTTP内容.但是，在使用HTTPS的情况下，服务器必须先提供数字证书，然后才能从浏览器接收HTTP标头. SNI通过在初始客户端与安全服务器握手的SNI扩展字段中列出目标服务器的主机名来解决此问题.虚拟主机服务器可以检查SNI扩展，以确定将哪个数字证书发送回客户端.

The matching-hostnames requirement causes a problem if a single-IP is configured to host multiple sites (sometimes known as "virtual-hosting"). Ordinarily, a virtual-hosting server examines the HTTP Host request header to determine what HTTP content to return. However, in the HTTPS case, the server must provide a digital certificate before it receives the HTTP headers from the browser. SNI resolves this problem by listing the target server’s hostname in the SNI extension field of the initial client handshake with the secure server. A virtual-hosting server may examine the SNI extension to determine which digital certificate to send back to the client.

GET可能是operation aborted方案的受害者:

The GET may be victim of the operation aborted scenario:

正在解析HTML文件，并且遇到脚本块.该脚本块包含内联脚本，该内联脚本创建一个新元素，并尝试在解析器遇到关闭的BODY标记之前将其添加到BODY元素.

The HTML file is being parsed, and encounters a script block. The script block contains inline script which creates a new element and attempts to add it to the BODY element before the closing BODY tag has been encountered by the parser.

<body>
  <div>
    <script>document.body.appendChild(newElem)</script>
  </div>
</body>

请注意，如果删除了<div>元素，则不会发生此问题，因为脚本块的直接父对象是BODY，并且脚本块的直接父对象不受此问题的影响.

Note that if I removed the <div> element, then this problem would not occur because the script block's immediate parent would be BODY, and the script block's immediate parent is immune to this problem.

参考

• 防止操作中止情况

  IE中的HTTPS改进

  在线证书状态协议-OCSP

  这篇关于Internet Explorer:SCRIPT7002:XMLHttpRequest:网络错误0x2f7d，由于错误00002f7d而无法完成操作的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！