Azure Http 到 Https 重定向不适用于 SPA [英] Azure Http to Https redirect not working for SPA
问题描述
我正在尝试使用 web.config 重写规则在我们的 Azure 应用服务中启用 http 到 https 重定向.根据我能找到的所有文档,使用重写规则的 Web 配置重定向是获得此功能的官方方式.我喜欢并希望支持的功能之一是 gzip 作为 Accepted-Encoding,这是默认启用的.但这两个特征似乎有冲突.还有另一种方法来进行重定向吗?我必须禁用压缩吗?
I am trying to enable http to https redirection in our Azure App Service using web.config rewrite rules. According to all documentation I can find, web config redirect using rewrite rules is the official way to get this feature. One of the features that I like and want to support is gzip as an Accepted-Encoding, this is enabled be default. But those two features seem to conflict. Is there another way to do the redirect? Do I have to disable compression?
这是我的重定向规则:
<rule name="Redirect to https" stopProcessing="true">
<match url="(.*)"/>
<conditions logicalGrouping="MatchAny">
<add input="{HTTPS}" pattern="Off"/>
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" appendQueryString="true" />
</rule>
使用我只想通过 SSL 传递的内容响应的 Curl 命令:
Curl command that responds with the content that I only want to be delivered over SSL:
curl "http://[MyUrl]/" -H "Accept-Encoding: gzip, deflate" --compressed
按预期执行的Curl命令:
Curl command that executes as expected:
curl "http://[MyUrl]/"
回复:
HTTP/1.1 301 Moved Permanently
Content-Length: 154
Content-Type: text/html; charset=UTF-8
Location: https://[MyUrl]/
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Tue, 29 Aug 2017 19:29:29 GMT
提前致谢.
如果这很有价值,根 url 之外的请求似乎可以按预期工作.只有根 url 似乎返回没有重定向的内容.
In case this is valuable, requests outside of the root url seem to work as expected. Only the root url seems to return the content without the redirect.
更新
我认为这可能与我的 SPA 重写规则有关,尽管我不确定是否存在干扰,因为第一条规则对其进行了 stopProcessing.我能够在 cdwredirecttest.azurewebsites.net 上重新创建该问题.如果您点击该站点,它会将您重定向到 https,但只是第一次.打开另一个浏览器并重试,这一次它将通过 http 加载站点.在服务器缓存 gzip 响应后,您将不再被重定向.这是我的完整 web.config:
Update
I think this might have to do with my SPA rewrite rule, although I am not sure of the interference as the first rule has stopProcessing on it. I was able to recreate the issue at cdwredirecttest.azurewebsites.net. If you hit the site, it will redirect you to https, but only the first time. Open another browser and try again, this time it will load the site over http. After the server caches the gzip response you no longer get redirected. Here is my full web.config:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="Redirect to https" stopProcessing="true">
<match url="^(.*)$" ignoreCase="true" />
<conditions logicalGrouping="MatchAny">
<add input="{HTTPS}" pattern="Off" ignoreCase="true"/>
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" appendQueryString="true" />
</rule>
<rule name="Redirect all requests">
<match url="^(.*)$" ignoreCase="false" />
<conditions logicalGrouping="MatchAll">
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" pattern="" ignoreCase="false" />
</conditions>
<action type="Rewrite" url="index.html" appendQueryString="true" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
推荐答案
在挖掘并重新创建问题后,我向 Microsoft 开了一张票.该问题专门针对单页应用程序和在接受压缩内容时使用重写规则进行 SSL 重定向.显然 IIS 正在缓存 gzip 响应,因此 SSL 重定向永远不会发生.解决方案是禁用缓存:
After digging around and recreating the issue, I opened a ticket with Microsoft. The issue is specifically around Single Page Applications and SSL redirecting using rewrite rules when compressed content is accepted. Apparently IIS is caching the gzip response so the SSL redirection never occurs. The solution is to disable caching:
<system.webServer>
...
<caching enabled="false" enableKernelCache="false"/>
...
</system.webServer>
这些是我想出的重现问题的步骤:
These are the steps that I came up with to recreate the issue:
- 创建新的 Azure 应用服务
- 将 hostingstart.html 重命名为 index.html(可能没有必要,除非重写规则稍后使用它)
添加以下 web.config
- Create a new Azure App Service
- Rename hostingstart.html to index.html (probably not necessary except the rewrite rule later uses it)
Add the following web.config
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="Redirect to HTTPS" stopProcessing="true">
<match url="^(.*)$" ignoreCase="true" />
<conditions logicalGrouping="MatchAny">
<add input="{HTTPS}" pattern="Off" ignoreCase="true"/>
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" appendQueryString="true" />
</rule>
<rule name="Single Page App">
<match url="^(.*)$" ignoreCase="false" />
<conditions logicalGrouping="MatchAll">
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" pattern="" ignoreCase="false" />
</conditions>
<action type="Rewrite" url="index.html" appendQueryString="true" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
在 curl 中加载 http 站点.这将导致重定向响应按预期发生.
Load the http site in a curl. This will cause the redirect response to happen as expected.
curl "http://cdwredirecttest.azurewebsites.net" -H "Accept-Encoding: gzip, deflate" --compressed
在 curl 中加载 https 站点.您将按预期获得页面内容(我相信 IIS 正在缓存此 gzip 响应并稍后使用它).
Load the https site in curl. You will get the page content as expected (I believe IIS is caching this gzip response and using it later).
curl "https://cdwredirecttest.azurewebsites.net" -H "Accept-Encoding: gzip, deflate" --compressed
在 curl 中加载 http 站点.如果收到重定向响应,则需要重复 5 和 6.最终响应将返回内容.
Load the http site in a curl. If you get a redirect response, you will need to repeat 5 and 6. Eventually the response will return the content.
curl "http://cdwredirecttest.azurewebsites.net" -H "Accept-Encoding: gzip, deflate" --compressed
现在加载一个没有缓存重定向响应的网络浏览器.您将通过 http 加载网站,而不是重定向到 https.
Now load a web browser that has not cached the redirect response. You will load the site over http instead of redirecting to https.
这篇关于Azure Http 到 Https 重定向不适用于 SPA的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
