0

我正在更改下载端点的行为以重定向到实际下载文件的不同域。这在 IE10 中已经开始失败(之前没有尝试过),而它在 Chrome 等中运行良好。人。它不会打开下载对话框,而是将用户重定向到新文件的 url,然后打开对话框。

这是新的请求序列及其标头:

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.1.19
Date: Wed, 02 Oct 2013 11:30:07 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Status: 307 Temporary Redirect
X-Content-Type-Options: nosniff
X-Date: 1380713407016
Cache-Control: max-age=0, private
Location: https://someotherdomain.com/files/100?token=jfkldsfdshlfsdlkdfs
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Robots-Tag: none
X-Runtime: 0.129865
X-XSS-Protection: 1; mode=block
X-UA-Compatible: IE=Edge,chrome=1

curl -I "https://someotherdomain.com/files/100?token=jfkldsfdshlfsdlkdfs"
HTTP/1.1 200 OK
Server: nginx/1.1.19
Date: Wed, 02 Oct 2013 11:19:43 GMT
Content-Type: image/jpeg
Content-Length: 9961
Connection: keep-alive
Content-Disposition: attachment; filename="some file "with" + & wierd characters.jpeg"; filename*=UTF-8''some%20file%20%22with%22%20%2B%20%26%20wierd%20characters.jpeg
Last-Modified: Fri, 20 Sep 2013 15:30:53 GMT
ETag: "04e88973d658dc21e263865cbd6d20da"
Accept-Ranges: bytes
X-Content-Type-Options: nosniff
X-Download-Options: noopen
Cache-Control: max-age=0, must-revalidate
Expires: Fri, 01 Jan 1990 00:00:00 GMT

任何人都可以看到任何可疑的东西。我被引导相信 Content-Type 和 Content-Disposition 是重要的标头并且它们没问题,因此它必须是导致问题的重定向/新域。

4

1 回答 1

0

找到了。原始域位于 Intranet 选项卡下的公司安全策略中,即 Internet 选项,而第二个域则没有。

于 2013-10-02T15:50:48.467 回答