我在使用 IE10 时遇到以下问题(其他浏览器,如 Firefox、Opera、Chrome 和较旧的 IE 版本似乎不受影响。
(1) 浏览器点击一个响应 HTTP 302 重定向到不同站点的页面(为了执行登录):
要求:
GET https://www.domain-one.de/startpage.aspx?... HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: de-DE
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
DNT: 1
Host: www.domain-one.de
Pragma: no-cache
Connection: Keep-Alive
Cookie: ...
回复:
HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: https://login.domain-two.com/login?tid=hGZmFb77-9VyiwfkhIXIRMDp
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
P3P: CP="NOi CURa TAIa OUR NOR UNI"
Date: Tue, 13 Aug 2013 19:01:22 GMT
Content-Length: 190
<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="https://login.domain-two.com/login?tid=hGZmFb77-9VyiwfkhIXIRMDp">here</a>.</h2>
</body></html>
(2) IE 遵循这个重定向。服务器设置一些 cookie 并重定向回原始站点:
要求:
GET https://login.domain-two.com/login?tid=hGZmFb77-9VyiwfkhIXIRMDp HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: de-DE
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: login.domain-two.com
DNT: 1
Cookie: ...
Pragma: no-cache
Connection: Keep-Alive
回复:
HTTP/1.1 302 Found
Date: Tue, 13 Aug 2013 19:01:22 GMT
Server: Apache
P3P: CP="NOI CURa TAIa OUR NOR UNI"
Location: https://www.domain-one.de/BackFromLogin.aspx?TID=hGZmFb77-9VyiwfkhIXIRMDp
Content-Length: 277
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="https://dwww.domain-one.de/BackFromLogin.aspx?TID=hGZmFb77-9VyiwfkhIXIRMDp">here</a>.</p>
</body></html>
(3) 到这里为止,一切正常。但是,IE10 现在会忽略刚刚收到的响应并再次遵循相同的重定向:
要求:
GET https://login.domain-two.com/login?tid=hGZmFb77-9VyiwfkhIXIRMDp HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: de-DE
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: login.domain-two.com
DNT: 1
Connection: Keep-Alive
Cookie: ...
这个服务器检测到这个重复的请求并拒绝它,并返回一个错误页面(我知道 HTTP GET 应该是幂等的,但这就是这个站点的工作方式)。
我无法理解为什么 IE10 会忽略原始响应并再次发出相同的请求(尽管没有“Pragma: no-cache”标头)。你有什么主意吗?