Web Services HSTS正在端口80上使用远程地址从HTTP重定向到HTTPS

klr1opcd  于 2022-11-15  发布在  其他
关注(0)|答案(1)|浏览(181)

我们遇到了一个奇怪的问题,有时浏览器会决定使用端口80进行HTTPS。
不工作时的流如下所示(从网络devtools复制):

以端口80作为远程地址的流

第一次请求:

Request URL: http://app1.test/
    Request Method: GET
    Status Code: 307 Temporary Redirect
    Remote Address: :80

    Response headers
    Cross-Origin-Resource-Policy: Cross-Origin
    Location: https://app1.test/
    Non-Authoritative-Reason: HSTS

第二次请求

Request URL: https://app1.test/
Request Method: GET
Status Code: 302 Found
Remote Address: 192.168.xxx.xxx:80

Response headers

cache-control: no-store
content-length: 1535
content-security-policy: frame-ancestors 'none'
content-type: text/html
date: Fri, 01 Jul 2022 12:04:03 GMT
location: https://***/mga/sps/oidc/rp/***/kickoff/***?authLevel=2&autologon=true&TAM_OP=login
p3p: CP="NON CUR OTPi OUR NOR UNI"
pragma: no-cache
Set-Cookie: wap-***-session-cookie=***; Domain=***.int; Path=/; SameSite=None; Secure; HttpOnly
Set-Cookie: PD-S-SESSION-ID-wap-oidc-int=***:1_2_0_6gpve0u3mSK+***|; Domain=.***.int; Path=/; SameSite=None; Secure; HttpOnly
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1

这会导致我们的负载平衡器出现问题,因为它会命中不同的端点。

工作油口443的流量

通常情况下,流程如下所示,没有任何问题:

Request URL: http://app1.test/
Request Method: GET
Status Code: 307 Internal Redirect
Referrer Policy: strict-origin-when-cross-origin

Response headers:

Cross-Origin-Resource-Policy: Cross-Origin
Location: https://app1.test/
Non-Authoritative-Reason: HSTS

第二个要求:

Request URL: https://app1.test/
Request Method: GET
Status Code: 302 Moved Temporarily
Remote Address: 192.168.xxx.xxx:443
Referrer Policy: strict-origin-when-cross-origin

Response headers:

cache-control: no-store
content-length: 1535
content-security-policy: frame-ancestors 'none'
content-type: text/html
date: Fri, 01 Jul 2022 13:19:21 GMT
location: https://***/mga/sps/oidc/rp/***/kickoff/***?authLevel=2&autologon=true&TAM_OP=login
p3p: CP="NON CUR OTPi OUR NOR UNI"
pragma: no-cache
Set-Cookie: wap-***-session-cookie=***; Domain=***.int; Path=/; SameSite=None; Secure; HttpOnly
Set-Cookie: PD-S-SESSION-ID-wap-oidc-int=***; Domain=.***.int; Path=/; SameSite=None; Secure; HttpOnly
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1

有人知道为什么浏览器有时使用“远程地址:80”吗?

s5a0g9ez

s5a0g9ez1#

结果发现它实际上使用的是端口443。我正在查看一位同事的HAR导出,Chromium中存在一个错误:
https://bugs.chromium.org/p/chromium/issues/detail?id=1334230

相关问题