We ran into a strange problem: sometimes the browser decides to use port 80 for HTTPS.
The flow when it does not work looks like this (copied from the network devtools):
Flow with port 80 as the remote address
First request:
Request URL: http://app1.test/
Request Method: GET
Status Code: 307 Temporary Redirect
Remote Address: :80
Response headers
Cross-Origin-Resource-Policy: Cross-Origin
Location: https://app1.test/
Non-Authoritative-Reason: HSTS
Second request:
Request URL: https://app1.test/
Request Method: GET
Status Code: 302 Found
Remote Address: 192.168.xxx.xxx:80
Response headers
cache-control: no-store
content-length: 1535
content-security-policy: frame-ancestors 'none'
content-type: text/html
date: Fri, 01 Jul 2022 12:04:03 GMT
location: https://***/mga/sps/oidc/rp/***/kickoff/***?authLevel=2&autologon=true&TAM_OP=login
p3p: CP="NON CUR OTPi OUR NOR UNI"
pragma: no-cache
Set-Cookie: wap-***-session-cookie=***; Domain=***.int; Path=/; SameSite=None; Secure; HttpOnly
Set-Cookie: PD-S-SESSION-ID-wap-oidc-int=***:1_2_0_6gpve0u3mSK+***|; Domain=.***.int; Path=/; SameSite=None; Secure; HttpOnly
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1
This causes problems for our load balancer, because it hits a different endpoint.
Working flow on port 443
Normally the flow looks like this, without any problems:
Request URL: http://app1.test/
Request Method: GET
Status Code: 307 Internal Redirect
Referrer Policy: strict-origin-when-cross-origin
Response headers:
Cross-Origin-Resource-Policy: Cross-Origin
Location: https://app1.test/
Non-Authoritative-Reason: HSTS
Second request:
Request URL: https://app1.test/
Request Method: GET
Status Code: 302 Moved Temporarily
Remote Address: 192.168.xxx.xxx:443
Referrer Policy: strict-origin-when-cross-origin
Response headers:
cache-control: no-store
content-length: 1535
content-security-policy: frame-ancestors 'none'
content-type: text/html
date: Fri, 01 Jul 2022 13:19:21 GMT
location: https://***/mga/sps/oidc/rp/***/kickoff/***?authLevel=2&autologon=true&TAM_OP=login
p3p: CP="NON CUR OTPi OUR NOR UNI"
pragma: no-cache
Set-Cookie: wap-***-session-cookie=***; Domain=***.int; Path=/; SameSite=None; Secure; HttpOnly
Set-Cookie: PD-S-SESSION-ID-wap-oidc-int=***; Domain=.***.int; Path=/; SameSite=None; Secure; HttpOnly
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1
Does anyone know why the browser sometimes uses "Remote Address: :80"?
1 answer
It turns out it was actually using port 443. I was looking at a colleague's HAR export, and there is a bug in Chromium:
https://bugs.chromium.org/p/chromium/issues/detail?id=1334230
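As an added example (not code from the question or the answer above), the following Python triage reads a DevTools-style dump in the same "Key: value" layout shown in the question, separates the browser-synthesised HSTS 307 (Non-Authoritative-Reason: HSTS, which never reaches the network, so its Remote Address carries no information) from real requests, and flags HTTPS entries whose reported remote port is not 443 as candidates to verify against server or load-balancer logs rather than trusting the DevTools display. The sample dump and the idp.example URL are constructed.

```python
"""Triage a DevTools-style request dump for HSTS upgrade redirects."""
import re
from urllib.parse import urlsplit

# Constructed sample mirroring the non-working flow from the question.
SAMPLE = """\
Request URL: http://app1.test/
Request Method: GET
Status Code: 307 Temporary Redirect
Remote Address: :80
Location: https://app1.test/
Non-Authoritative-Reason: HSTS

Request URL: https://app1.test/
Request Method: GET
Status Code: 302 Found
Remote Address: 192.168.0.10:80
location: https://idp.example/kickoff
strict-transport-security: max-age=31536000; includeSubDomains
"""


def parse_entries(dump):
    """Split the dump on blank lines; each request becomes a dict keyed by
    lower-cased field/header name (DevTools mixes header capitalisation)."""
    entries = []
    for block in re.split(r"\n\s*\n", dump.strip()):
        entry = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                entry[key.strip().lower()] = value.strip()
        if "request url" in entry:
            entries.append(entry)
    return entries


def triage(dump):
    """Classify each entry as 'hsts-internal' (synthetic redirect, no socket
    opened) or 'network'; a network https:// entry whose reported remote
    port is present and not 443 is marked suspect for log cross-checking."""
    results = []
    for e in parse_entries(dump):
        url = e["request url"]
        status = e.get("status code", "")
        reason = e.get("non-authoritative-reason", "").upper()
        kind = "hsts-internal" if reason == "HSTS" and status.startswith("307") else "network"
        port = e.get("remote address", "").rsplit(":", 1)[-1]
        suspect = kind == "network" and urlsplit(url).scheme == "https" and bool(port) and port != "443"
        results.append({"url": url, "kind": kind, "port": port, "suspect": suspect})
    return results
```

Run `triage(SAMPLE)` to see the first entry classified as the synthetic HSTS upgrade and the second flagged because its TLS request reports port 80.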