401魔术重定向导致302重定向 [英] 401 redirect magically results in a 302 redirect
问题描述
我使用重定向
类将未登录的用户发送到登录页面,并使用 401 状态码:
return Redirect :: to('login',401);
这会发送正确的位置标题,但状态码设置为 302 。
我已经将它追踪到底部 Response
$ b
laravel / vendor / Symfony / Component / HttpFoundation / Response.php
blockquote>
以及它的调用:
$这 - > setStatusCode($状态);
包含正确的 401 代码。
我也试过倾销这个对象:
var_dump(Redirect :: to('login',401) - > foundation);
我可以看到受保护的
statusCode
属性被正确设置为 401 。
但是,生成的响应的HTTP状态码设置为 302 。
什么给了?我是否使用它?
PS 我也在Laravel的论坛上发布了这一消息,无济于事。
解决方案这不是因为laravel,你可以用(php 5.4在windows中)重现这一点:
<?php
header(HTTP / 1.1 401 Unauthorized);
header(Location:http://www.google.com);
看来php会将它设置为302:
$ php-cgitest.php
状态:302暂时移动
位置:http://www.google.com
Content-键入:text / html; charset = UTF-8
在PHP源代码main / SAPI.C中:
$ b (!(sapi_headers).http_response_code <300 |
$ b}否则if(!STRCASECMP(header_line,Location)){
if |
SG(sapi_headers).http_response_code> 307)&&
SG(sapi_headers).http_response_code!= 201){
/ *如果还没有指定发现重定向* /
if(http_response_code){/ *用户指定的重定向代码* /
sapi_update_response_code(http_response_code TSRMLS_CC); (SG(request_info).proto_num> 1000&&
SG(request_info).request_method&&
strcmp(SG(request_info).request_method,HEAD )&&
strcmp(SG(request_info).request_method,GET)){
sapi_update_response_code(303 TSRMLS_CC);
} else {
sapi_update_response_code(302 TSRMLS_CC);
$ b正如你所看到的,当你做
header()
与Location
,http状态代码被修改为302
如果你这样做,你可以使它工作:
<?php
标题(位置:http://www.google.com);
header(HTTP / 1.1 401 Unauthorized);
这会给出:
$ php-cgitest.php
状态:401未授权
位置:http://www.google.com
内容类型:text / html ; charset = UTF-8
但是laravel在设置状态后设置位置,所以状态被重新设置为无论如何。但这是一个有争议的问题,即使您使用位置标题成功将状态设置为401,重定向也不会被浏览器跟踪。
I'm using the
Redirect
class to send non-logged-in users to the login page, with a 401 status code:return Redirect::to('login', 401);
This sends the correct location header, but the status code is set to 302.
I've traced it all the way to the base
Response
class inlaravel/vendor/Symfony/Component/HttpFoundation/Response.php
and it's calling:
$this->setStatusCode($status);
with the correct 401 code.
I also tried dumping the object:
var_dump( Redirect::to('login', 401)->foundation );
and I can see the protected
statusCode
property is correctly set to 401.
Still, the generated response's HTTP status code is set to 302.
What gives? Am I using it wrong?
P.S. I also posted this on Laravel's forums, to no avail.
解决方案This is not because of laravel, you can reproduce this with just (php 5.4 in windows):
<?php header("HTTP/1.1 401 Unauthorized"); header("Location: http://www.google.com");
It appears php sets it to 302:
$ php-cgi "test.php" Status: 302 Moved Temporarily Location: http://www.google.com Content-type: text/html; charset=UTF-8
In PHP source code main/SAPI.C:
} else if (!STRCASECMP(header_line, "Location")) { if ((SG(sapi_headers).http_response_code < 300 || SG(sapi_headers).http_response_code > 307) && SG(sapi_headers).http_response_code != 201) { /* Return a Found Redirect if one is not already specified */ if (http_response_code) { /* user specified redirect code */ sapi_update_response_code(http_response_code TSRMLS_CC); } else if (SG(request_info).proto_num > 1000 && SG(request_info).request_method && strcmp(SG(request_info).request_method, "HEAD") && strcmp(SG(request_info).request_method, "GET")) { sapi_update_response_code(303 TSRMLS_CC); } else { sapi_update_response_code(302 TSRMLS_CC); } }
As you can see, when you do
header()
with"Location"
, the http status code is modified to 302You can make it work if you do it the other way around:
<?php header("Location: http://www.google.com"); header("HTTP/1.1 401 Unauthorized");
This will give:
$ php-cgi "test.php" Status: 401 Unauthorized Location: http://www.google.com Content-type: text/html; charset=UTF-8
But laravel sets the location after setting status, so the status is set back to 302 anyway. But this is a moot point, even if you successfully set status to 401 with a location header, the redirect is not followed by browsers.
这篇关于401魔术重定向导致302重定向的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!