Chrome通过HTTP 302重定向取消CORS XHR [英] Chrome cancels CORS XHR upon HTTP 302 redirect
问题描述
根据 CORS规范,GET和POST请求应该透明地跟随302重定向。
以下是执行请求的JS:
var r = new XMLHttpRequest();
r.open('GET','https://dev.mysite.com/rest',true);
r.send();
以下是应该发生的情况:
- 客户端:XHR POST请求到/ rest
- 服务器:使用HTTP 302重定向到/ rest /
- Client: XHR POST request to /rest
- Server: responds with HTTP 302 redirect to /rest/
- Client: Follow that redirect
但在第2步后,Chrome会取消请求。如果没有HTTP 302,请求将正常工作。
请求运行时,我可以在Chrome的网络面板中看到只有一个XHR - 取消的POST请求,没有响应标头或响应正文。
使用Chrome的网络内部工具进行调试,我发现服务器发送了一个响应,之后请求被取消。以下是请求的输出:
79295:URL_REQUEST
https://dev.mysite.com/rest
开始时间:2013-08-30 12:41:11.637
t = 1377880871637 [st = 0] + REQUEST_ALIVE [dt = 13455]
t = 1377880871638 [st = 1] URL_REQUEST_BLOCKED_ON_DELEGATE [dt = 1]
- > delegate =extension Adblock Plus
t = 1377880871639 [st = 2] + URL_REQUEST_START_JOB [dt = 13453]
- > load_flags = 143540480(DO_NOT_SAVE_COOKIES | DO_NOT_SEND_AUTH_DATA | DO_NOT_SEND_COOKIES | ENABLE_LOAD_TIMING | MAYBE_USER_GESTURE | REPORT_RAW_HEADERS | VERIFY_EV_CERT)
- > method =POST
- > priority = 2
- > upload_id =0
- > url =https://dev.mysite.com/rest
t = 1377880871639 [st = 2] HTTP_CACHE_GET_BACKEND [dt = 0]
t = 1377880871639 [st = 2] + HTTP_STREAM_REQUEST [dt = 7]
t = 1377880871646 [st = 9] HTTP_STREAM_REQUEST_BOUND_TO_JOB
- > source_dependency = 79296(HTTP_STREAM_JOB)
t = 1377880871646 [st = 9] -HTTP_STREAM_REQUEST
t = 1377880871646 [st = 9] + HTTP_TRANSACTION_SEND_REQUEST [dt = 0]
t = 1377880871646 [st = 9] HTTP_TRANSACTION_SEND_REQUEST_HEADERS
- > GET / facultyportfolio-rest HTTP / 1.1
主机:dev.liberty.edu
连接:keep-alive
Content-Length:46
原产地:http:// localhost:8080
User-Agent:Mozilla / 5.0(Windows NT 6.1; WOW64)AppleWebKit / 537.36(KHTML,像Gecko)Chrome / 29.0.1547.62 Safari / 537.36
Content-Type:application / json; charset = UTF-8
Accept:* / *
Referer:http:// localhost:8080 / ajaxtest.html
Accept-Encoding:gzip,deflate,sdch
Accept-语言:en-US,en; q = 0.8
t = 1377880871646 [st = 9] HTTP_TRANSACTION_SEND_REQUEST_BODY
- > did_merge = true
- > is_chunked = false
- > length = 46
t = 1377880871646 [st = 9] -HTTP_TRANSACTION_SEND_REQUEST
t = 1377880871646 [st = 9] + HTTP_TRANSACTION_READ_HEADERS [dt = 1001]
t = 1377880871646 [st = 9] HTTP_STREAM_PARSER_READ_HEADERS [dt = 1000 ]
t = 1377880872646 [st = 1009] HTTP_TRANSACTION_READ_RESPONSE_HEADERS
- > HTTP / 1.1 302 Found
Date:Fri,30 Aug 2013 16:41:11 GMT
服务器:Apache / 2
访问控制允许原产地:http:// localhost:8080
Access-Control-Allow-Credentials:true
位置:https://dev.mysite.com/rest/
Content-Language:en-US
Vary:Accept-编码,User-Agent
Content-Encoding:gzip
Content-Length:20
Connection:close
Content-Type:text / plain; charset = UTF-8
t = 1377880872647 [st = 1010] -HTTP_TRANSACTION_READ_HEADERS
t = 1377880872647 [st = 1010] + URL_REQUEST_BLOCKED_ON_DELEGATE [dt = 12445]
t = 1377880885091 [st = 13454] CANCELLED
t = 1377880885092 [st = 13455] -URL_REQUEST_START_JOB
- > net_error = -3(ERR_ABORTED)
t = 1377880885092 [st = 13455] -REQUEST_ALIVE
最后,您可以看到已取消,因为URL_REQUEST_BLOCKED_ON_DELEGATE。我不知道这是什么意思。
有没有人知道是什么原因导致Chrome取消此请求?
$ b如果没有HTTP 302重定向, $ b
如果响应GET或HEAD之外的请求接收到302状态代码,则用户代理不得自动重定向请求,除非它可以由用户确认,因为这可能会更改发出请求的条件。
It looks like according to the CORS Spec, GET and POST requests should transparently follow 302 redirects. But Chrome is canceling my request.
Here's the JS that does the request:
var r = new XMLHttpRequest();
r.open('GET', 'https://dev.mysite.com/rest', true);
r.send();
Here's what should happen:
But after step 2, Chrome cancels the request. If there was no HTTP 302, the request would work perfectly. I've confirmed this.
When the request runs, I can see in Chrome's Network panel only one XHR -- a canceled POST request with no response headers or response body.
Debugging with Chrome's net-internals tool, I see that there was a response sent from the server, and after that, the request was cancelled. Here is the output of the request:
79295: URL_REQUEST
https://dev.mysite.com/rest
Start Time: 2013-08-30 12:41:11.637
t=1377880871637 [st= 0] +REQUEST_ALIVE [dt=13455]
t=1377880871638 [st= 1] URL_REQUEST_BLOCKED_ON_DELEGATE [dt=1]
--> delegate = "extension Adblock Plus"
t=1377880871639 [st= 2] +URL_REQUEST_START_JOB [dt=13453]
--> load_flags = 143540480 (DO_NOT_SAVE_COOKIES | DO_NOT_SEND_AUTH_DATA | DO_NOT_SEND_COOKIES | ENABLE_LOAD_TIMING | MAYBE_USER_GESTURE | REPORT_RAW_HEADERS | VERIFY_EV_CERT)
--> method = "POST"
--> priority = 2
--> upload_id = "0"
--> url = "https://dev.mysite.com/rest"
t=1377880871639 [st= 2] HTTP_CACHE_GET_BACKEND [dt=0]
t=1377880871639 [st= 2] +HTTP_STREAM_REQUEST [dt=7]
t=1377880871646 [st= 9] HTTP_STREAM_REQUEST_BOUND_TO_JOB
--> source_dependency = 79296 (HTTP_STREAM_JOB)
t=1377880871646 [st= 9] -HTTP_STREAM_REQUEST
t=1377880871646 [st= 9] +HTTP_TRANSACTION_SEND_REQUEST [dt=0]
t=1377880871646 [st= 9] HTTP_TRANSACTION_SEND_REQUEST_HEADERS
--> GET /facultyportfolio-rest HTTP/1.1
Host: dev.liberty.edu
Connection: keep-alive
Content-Length: 46
Origin: http://localhost:8080
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.62 Safari/537.36
Content-Type: application/json; charset=UTF-8
Accept: */*
Referer: http://localhost:8080/ajaxtest.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
t=1377880871646 [st= 9] HTTP_TRANSACTION_SEND_REQUEST_BODY
--> did_merge = true
--> is_chunked = false
--> length = 46
t=1377880871646 [st= 9] -HTTP_TRANSACTION_SEND_REQUEST
t=1377880871646 [st= 9] +HTTP_TRANSACTION_READ_HEADERS [dt=1001]
t=1377880871646 [st= 9] HTTP_STREAM_PARSER_READ_HEADERS [dt=1000]
t=1377880872646 [st= 1009] HTTP_TRANSACTION_READ_RESPONSE_HEADERS
--> HTTP/1.1 302 Found
Date: Fri, 30 Aug 2013 16:41:11 GMT
Server: Apache/2
Access-Control-Allow-Origin: http://localhost:8080
Access-Control-Allow-Credentials: true
Location: https://dev.mysite.com/rest/
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 20
Connection: close
Content-Type: text/plain; charset=UTF-8
t=1377880872647 [st= 1010] -HTTP_TRANSACTION_READ_HEADERS
t=1377880872647 [st= 1010] +URL_REQUEST_BLOCKED_ON_DELEGATE [dt=12445]
t=1377880885091 [st=13454] CANCELLED
t=1377880885092 [st=13455] -URL_REQUEST_START_JOB
--> net_error = -3 (ERR_ABORTED)
t=1377880885092 [st=13455] -REQUEST_ALIVE
At the end, you can see "Cancelled" because of "URL_REQUEST_BLOCKED_ON_DELEGATE". I don't know what that means. But again, if there was no HTTP 302 redirect, the error would not occur.
Does anyone know what is causing Chrome to cancel this request?
If the 302 status code is received in response to a request other than GET or HEAD, the user agent MUST NOT automatically redirect the request unless it can be confirmed by the user, since this might change the conditions under which the request was issued.
这篇关于Chrome通过HTTP 302重定向取消CORS XHR的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
