Firefox does not follow 302 redirect
Hi,
why does Firefox not follow a redirect response it gets from server a to go to a page on server b?
This happens when I use "oauth" to login with linkedin.com or xing.com. The login is reported successful with a 302 redirect response, but firefox does not follow to the location, to tell server that initiated the oauth process, that the login worked.
The old page of server a just stays there. When I copy the location from the 302 response into the address bar and hit return, then the oauth process finishes successfully.
Other 302 redirects are being followed normally... what's wrong with these ones?
Find attached the 302 request/responses.
Best regards
---Request to xing.com ------------------------------------------------------------
Request-Headers:
GET /v1/authorize?oauth_token=cd563afae9d33bfe249e HTTP/1.1 Host: api.xing.com User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:42.0) Gecko/20100101 Firefox/42.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: de-CH,en-GB;q=0.7,en;q=0.3 Accept-Encoding: gzip, deflate DNT: 1 Referer: https://login.xing.com/continue?application_name=my.server.com&application_website=https%3A%2F%2Fmy.server.com%2F&dest_url=https%3A%2F%2Fapi.xing.com%2Fv1%2Flogin_successful%3Fattempt%3D0%26oauth_token%3Dcd563afae9d33bfe249e&locale=de&logged_out_sid=206d8b0888fb756b086495ead20f51a9§ion=oauth&token_param=login_token Cookie: s_fid=49960A8B018821BB-398B08D9D9B76FBD; s_vi=[CS]v1|2B2054DE853121B7-6000010F2003EA74[CE]; c_=02ebe019e3f0a6b9fa4fec6affab748f; language=de; s_cc=true; s_sq=xingcomprod%3D%2526pid%253Dlogin_app%25252Flogin%25252Fcontinue%25252Foauth%2526pidt%253D1%2526oid%253DEinloggen%2526oidt%253D3%2526ot%253DSUBMIT; xws_login_session=BAhJIjg0MzA5NTY5LXI2OGkzMEsyM3lkMVN1NlpyQnFRTjdERWxMbjl3N0FLSWpwaHkxSE52V1EGOgZFVA%3D%3D--fe57839a71d31febffaf37dab2be492fabb654e0 Connection: keep-alive
Response-Headers:
HTTP/1.1 302 Found Date: Fri, 27 Nov 2015 14:37:30 GMT Server: Apache X-Frame-Options: SAMEORIGIN x-xss-protection: 1; mode=block x-content-type-options: nosniff Cache-Control: no-cache X-Logjam-Request-Id: xws-production-b9293a6a6ac2463db1030db6e7ac5c15 X-Logjam-Request-Action: WebService::OauthController#authorize X-Request-Id: 67fa147e-7294-4191-bc3f-2cf49d90c1ba X-Runtime: 0.143464 X-Powered-By: Phusion Passenger 4.0.59 Location: https://my.server.com/de/social/endpoint?hauth.done=Xing&oauth_token=cd563afae9d33bfe249e&oauth_verifier=4548 Status: 302 Found Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 172 Keep-Alive: timeout=5, max=7 Connection: Keep-Alive Content-Type: text/html; charset=utf-8
---Request to linkedin.com ------------------------------------------------------------
Request-Headers:
GET /uas/oauth/authenticate?oauth_token=78--65d791f2-16ac-403b-a227-e2425cf04094 HTTP/1.1 Host: www.linkedin.com User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:42.0) Gecko/20100101 Firefox/42.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: de-CH,en-GB;q=0.7,en;q=0.3 Accept-Encoding: gzip, deflate DNT: 1 Referer: https://my.server.com/de/signup/xing?nocache=1448635043297 Cookie: bcookie="v=2&92b47b8a-0682-4e3f-8061-fa7b6f410d77"; JSESSIONID="ajax:1143168962939487925"; visit="v=1&M"; bscookie="v=1&20151102162014d53740a0-0d42-4663-8cf6-240b92aa523aAQE8DJimFodXl_OnJdid8zRrTA5CiFuY"; sl="v=1&g7MEX"; liap=true; li_at=AQEDAQJ1gzEArpMIAAABUSQQFO4AAAFRSbUoik4ATC0ohYnUs9W_IXENGSoDLvcgk1ZE_mgXGsaofqivJsVvCbdyNsNfr_e5sHilhR7mVugLQO0SGOiXn8s_dFlLF_2TWKnsQfuBw0XHiit_Nazhj_eu; _lipt=0_9B8HHw-yxNPbmEFVn083VgpSs-SSN-uuW7qYOtB6TbPe78vj812wtnmyeYahtW7EHwUT2RyGtFNtQ1tVPjAmiMt9usy8sHthTODsEfmoAISfPYrYE99zOLPF6dKdBv7pI87by1Zj6LnySUyy46-oZxgaE0S9BcnTd_AD4cl38xcbBuMFrgQy1Vkn3mcK6h8TFUodD8B-m5CLnvo_wUov_PVrAbzBnDb4N43UN-4lchXLwWOWN3UVKpf1AQa96IXI5502rl1LPL3dTfDlpv48W7G1-8dAAHOly271_rcv_vs; _ga=GA1.2.481043914.1446481247; _cb_ls=1; _chartbeat2=D723u9zYa5kDq5R15.1447401965806.1447402241421.1; csrftoken=HC7JbZUuFdF78sZDYqLnvvOxlZmA8pFk; sessionid="eyJkamFuZ29fdGltZXpvbmUiOiJFdXJvcGUvQmVybGluIn0:1ZzgTY:c9tJUsZ6ALJHtQglA_8uHau5Tik"; __utma=226841088.481043914.1446481247.1448291617.1448291617.1; __utmz=226841088.1448291617.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=226841088.authorized; lidc="b=TB29:g=246:u=46:i=1448625460:t=1448711860:s=AQGneCiy2VOHWqS0lIRJShjDjmd5bR5I" Connection: keep-alive
Response-Headers:
HTTP/1.1 302 Found Server: Apache-Coyote/1.1 Location: https://my.server.com/de/social/endpoint?hauth.done=LinkedIn&oauth_token=78--65d791f2-16ac-403b-a227-e2425cf04094&oauth_verifier=95756 Content-Language: en-US Content-Encoding: gzip Vary: Accept-Encoding Date: Fri, 27 Nov 2015 14:39:43 GMT X-FS-UUID: e471085106961a14c0c013c9722b0000 x-content-type-options: nosniff X-Li-Fabric: prod-ltx1 Strict-Transport-Security: max-age=0 Set-Cookie: _lipt=deleteMe; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ lang="v=2&lang=en-us"; Version=1; Domain=linkedin.com; Path=/ Pragma: no-cache Expires: Thu, 01 Jan 1970 00:00:00 GMT Cache-Control: no-cache, no-store Transfer-Encoding: chunked Connection: keep-alive X-Li-Pop: prod-tln1 X-LI-UUID: 5HEIUQaWGhTAwBPJcisAAA==
Wšě wotmołwy (1)
PS: the same process works fine in Chrome