搜索 | 用户支持

防范以用户支持为名的诈骗。我们绝对不会要求您拨打电话或发送短信,及提供任何个人信息。请使用“举报滥用”选项报告涉及违规的行为。

详细了解

Firefox does not follow 302 redirect

  • 1 个回答
  • 1 人有此问题
  • 12 次查看
  • 最后回复者为 d3458739458

more options

Hi,

why does Firefox not follow a redirect response it gets from server a to go to a page on server b?

This happens when I use "oauth" to login with linkedin.com or xing.com. The login is reported successful with a 302 redirect response, but firefox does not follow to the location, to tell server that initiated the oauth process, that the login worked.

The old page of server a just stays there. When I copy the location from the 302 response into the address bar and hit return, then the oauth process finishes successfully.

Other 302 redirects are being followed normally... what's wrong with these ones?

Find attached the 302 request/responses.

Best regards


---Request to xing.com ------------------------------------------------------------

Request-Headers:


GET /v1/authorize?oauth_token=cd563afae9d33bfe249e HTTP/1.1 Host: api.xing.com User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:42.0) Gecko/20100101 Firefox/42.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: de-CH,en-GB;q=0.7,en;q=0.3 Accept-Encoding: gzip, deflate DNT: 1 Referer: https://login.xing.com/continue?application_name=my.server.com&application_website=https%3A%2F%2Fmy.server.com%2F&dest_url=https%3A%2F%2Fapi.xing.com%2Fv1%2Flogin_successful%3Fattempt%3D0%26oauth_token%3Dcd563afae9d33bfe249e&locale=de&logged_out_sid=206d8b0888fb756b086495ead20f51a9&section=oauth&token_param=login_token Cookie: s_fid=49960A8B018821BB-398B08D9D9B76FBD; s_vi=[CS]v1|2B2054DE853121B7-6000010F2003EA74[CE]; c_=02ebe019e3f0a6b9fa4fec6affab748f; language=de; s_cc=true; s_sq=xingcomprod%3D%2526pid%253Dlogin_app%25252Flogin%25252Fcontinue%25252Foauth%2526pidt%253D1%2526oid%253DEinloggen%2526oidt%253D3%2526ot%253DSUBMIT; xws_login_session=BAhJIjg0MzA5NTY5LXI2OGkzMEsyM3lkMVN1NlpyQnFRTjdERWxMbjl3N0FLSWpwaHkxSE52V1EGOgZFVA%3D%3D--fe57839a71d31febffaf37dab2be492fabb654e0 Connection: keep-alive


Response-Headers:


HTTP/1.1 302 Found Date: Fri, 27 Nov 2015 14:37:30 GMT Server: Apache X-Frame-Options: SAMEORIGIN x-xss-protection: 1; mode=block x-content-type-options: nosniff Cache-Control: no-cache X-Logjam-Request-Id: xws-production-b9293a6a6ac2463db1030db6e7ac5c15 X-Logjam-Request-Action: WebService::OauthController#authorize X-Request-Id: 67fa147e-7294-4191-bc3f-2cf49d90c1ba X-Runtime: 0.143464 X-Powered-By: Phusion Passenger 4.0.59 Location: https://my.server.com/de/social/endpoint?hauth.done=Xing&oauth_token=cd563afae9d33bfe249e&oauth_verifier=4548 Status: 302 Found Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 172 Keep-Alive: timeout=5, max=7 Connection: Keep-Alive Content-Type: text/html; charset=utf-8


---Request to linkedin.com ------------------------------------------------------------

Request-Headers:


GET /uas/oauth/authenticate?oauth_token=78--65d791f2-16ac-403b-a227-e2425cf04094 HTTP/1.1 Host: www.linkedin.com User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:42.0) Gecko/20100101 Firefox/42.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: de-CH,en-GB;q=0.7,en;q=0.3 Accept-Encoding: gzip, deflate DNT: 1 Referer: https://my.server.com/de/signup/xing?nocache=1448635043297 Cookie: bcookie="v=2&92b47b8a-0682-4e3f-8061-fa7b6f410d77"; JSESSIONID="ajax:1143168962939487925"; visit="v=1&M"; bscookie="v=1&20151102162014d53740a0-0d42-4663-8cf6-240b92aa523aAQE8DJimFodXl_OnJdid8zRrTA5CiFuY"; sl="v=1&g7MEX"; liap=true; li_at=AQEDAQJ1gzEArpMIAAABUSQQFO4AAAFRSbUoik4ATC0ohYnUs9W_IXENGSoDLvcgk1ZE_mgXGsaofqivJsVvCbdyNsNfr_e5sHilhR7mVugLQO0SGOiXn8s_dFlLF_2TWKnsQfuBw0XHiit_Nazhj_eu; _lipt=0_9B8HHw-yxNPbmEFVn083VgpSs-SSN-uuW7qYOtB6TbPe78vj812wtnmyeYahtW7EHwUT2RyGtFNtQ1tVPjAmiMt9usy8sHthTODsEfmoAISfPYrYE99zOLPF6dKdBv7pI87by1Zj6LnySUyy46-oZxgaE0S9BcnTd_AD4cl38xcbBuMFrgQy1Vkn3mcK6h8TFUodD8B-m5CLnvo_wUov_PVrAbzBnDb4N43UN-4lchXLwWOWN3UVKpf1AQa96IXI5502rl1LPL3dTfDlpv48W7G1-8dAAHOly271_rcv_vs; _ga=GA1.2.481043914.1446481247; _cb_ls=1; _chartbeat2=D723u9zYa5kDq5R15.1447401965806.1447402241421.1; csrftoken=HC7JbZUuFdF78sZDYqLnvvOxlZmA8pFk; sessionid="eyJkamFuZ29fdGltZXpvbmUiOiJFdXJvcGUvQmVybGluIn0:1ZzgTY:c9tJUsZ6ALJHtQglA_8uHau5Tik"; __utma=226841088.481043914.1446481247.1448291617.1448291617.1; __utmz=226841088.1448291617.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=226841088.authorized; lidc="b=TB29:g=246:u=46:i=1448625460:t=1448711860:s=AQGneCiy2VOHWqS0lIRJShjDjmd5bR5I" Connection: keep-alive


Response-Headers:


HTTP/1.1 302 Found Server: Apache-Coyote/1.1 Location: https://my.server.com/de/social/endpoint?hauth.done=LinkedIn&oauth_token=78--65d791f2-16ac-403b-a227-e2425cf04094&oauth_verifier=95756 Content-Language: en-US Content-Encoding: gzip Vary: Accept-Encoding Date: Fri, 27 Nov 2015 14:39:43 GMT X-FS-UUID: e471085106961a14c0c013c9722b0000 x-content-type-options: nosniff X-Li-Fabric: prod-ltx1 Strict-Transport-Security: max-age=0 Set-Cookie: _lipt=deleteMe; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ lang="v=2&lang=en-us"; Version=1; Domain=linkedin.com; Path=/ Pragma: no-cache Expires: Thu, 01 Jan 1970 00:00:00 GMT Cache-Control: no-cache, no-store Transfer-Encoding: chunked Connection: keep-alive X-Li-Pop: prod-tln1 X-LI-UUID: 5HEIUQaWGhTAwBPJcisAAA==

Hi, why does Firefox not follow a redirect response it gets from server a to go to a page on server b? This happens when I use "oauth" to login with linkedin.com or xing.com. The login is reported successful with a 302 redirect response, but firefox does not follow to the location, to tell server that initiated the oauth process, that the login worked. The old page of server a just stays there. When I copy the location from the 302 response into the address bar and hit return, then the oauth process finishes successfully. Other 302 redirects are being followed normally... what's wrong with these ones? Find attached the 302 request/responses. Best regards ---Request to xing.com ------------------------------------------------------------ Request-Headers: ------------------- GET /v1/authorize?oauth_token=cd563afae9d33bfe249e HTTP/1.1 Host: api.xing.com User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:42.0) Gecko/20100101 Firefox/42.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: de-CH,en-GB;q=0.7,en;q=0.3 Accept-Encoding: gzip, deflate DNT: 1 Referer: https://login.xing.com/continue?application_name=my.server.com&application_website=https%3A%2F%2Fmy.server.com%2F&dest_url=https%3A%2F%2Fapi.xing.com%2Fv1%2Flogin_successful%3Fattempt%3D0%26oauth_token%3Dcd563afae9d33bfe249e&locale=de&logged_out_sid=206d8b0888fb756b086495ead20f51a9&section=oauth&token_param=login_token Cookie: s_fid=49960A8B018821BB-398B08D9D9B76FBD; s_vi=[CS]v1|2B2054DE853121B7-6000010F2003EA74[CE]; c_=02ebe019e3f0a6b9fa4fec6affab748f; language=de; s_cc=true; s_sq=xingcomprod%3D%2526pid%253Dlogin_app%25252Flogin%25252Fcontinue%25252Foauth%2526pidt%253D1%2526oid%253DEinloggen%2526oidt%253D3%2526ot%253DSUBMIT; xws_login_session=BAhJIjg0MzA5NTY5LXI2OGkzMEsyM3lkMVN1NlpyQnFRTjdERWxMbjl3N0FLSWpwaHkxSE52V1EGOgZFVA%3D%3D--fe57839a71d31febffaf37dab2be492fabb654e0 Connection: keep-alive Response-Headers: ----------------- HTTP/1.1 302 Found Date: Fri, 27 Nov 2015 14:37:30 GMT Server: Apache X-Frame-Options: SAMEORIGIN x-xss-protection: 1; mode=block x-content-type-options: nosniff Cache-Control: no-cache X-Logjam-Request-Id: xws-production-b9293a6a6ac2463db1030db6e7ac5c15 X-Logjam-Request-Action: WebService::OauthController#authorize X-Request-Id: 67fa147e-7294-4191-bc3f-2cf49d90c1ba X-Runtime: 0.143464 X-Powered-By: Phusion Passenger 4.0.59 Location: https://my.server.com/de/social/endpoint?hauth.done=Xing&oauth_token=cd563afae9d33bfe249e&oauth_verifier=4548 Status: 302 Found Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 172 Keep-Alive: timeout=5, max=7 Connection: Keep-Alive Content-Type: text/html; charset=utf-8 ---Request to linkedin.com ------------------------------------------------------------ Request-Headers: ---------------- GET /uas/oauth/authenticate?oauth_token=78--65d791f2-16ac-403b-a227-e2425cf04094 HTTP/1.1 Host: www.linkedin.com User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:42.0) Gecko/20100101 Firefox/42.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: de-CH,en-GB;q=0.7,en;q=0.3 Accept-Encoding: gzip, deflate DNT: 1 Referer: https://my.server.com/de/signup/xing?nocache=1448635043297 Cookie: bcookie="v=2&92b47b8a-0682-4e3f-8061-fa7b6f410d77"; JSESSIONID="ajax:1143168962939487925"; visit="v=1&M"; bscookie="v=1&20151102162014d53740a0-0d42-4663-8cf6-240b92aa523aAQE8DJimFodXl_OnJdid8zRrTA5CiFuY"; sl="v=1&g7MEX"; liap=true; li_at=AQEDAQJ1gzEArpMIAAABUSQQFO4AAAFRSbUoik4ATC0ohYnUs9W_IXENGSoDLvcgk1ZE_mgXGsaofqivJsVvCbdyNsNfr_e5sHilhR7mVugLQO0SGOiXn8s_dFlLF_2TWKnsQfuBw0XHiit_Nazhj_eu; _lipt=0_9B8HHw-yxNPbmEFVn083VgpSs-SSN-uuW7qYOtB6TbPe78vj812wtnmyeYahtW7EHwUT2RyGtFNtQ1tVPjAmiMt9usy8sHthTODsEfmoAISfPYrYE99zOLPF6dKdBv7pI87by1Zj6LnySUyy46-oZxgaE0S9BcnTd_AD4cl38xcbBuMFrgQy1Vkn3mcK6h8TFUodD8B-m5CLnvo_wUov_PVrAbzBnDb4N43UN-4lchXLwWOWN3UVKpf1AQa96IXI5502rl1LPL3dTfDlpv48W7G1-8dAAHOly271_rcv_vs; _ga=GA1.2.481043914.1446481247; _cb_ls=1; _chartbeat2=D723u9zYa5kDq5R15.1447401965806.1447402241421.1; csrftoken=HC7JbZUuFdF78sZDYqLnvvOxlZmA8pFk; sessionid="eyJkamFuZ29fdGltZXpvbmUiOiJFdXJvcGUvQmVybGluIn0:1ZzgTY:c9tJUsZ6ALJHtQglA_8uHau5Tik"; __utma=226841088.481043914.1446481247.1448291617.1448291617.1; __utmz=226841088.1448291617.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=226841088.authorized; lidc="b=TB29:g=246:u=46:i=1448625460:t=1448711860:s=AQGneCiy2VOHWqS0lIRJShjDjmd5bR5I" Connection: keep-alive Response-Headers: ----------------- HTTP/1.1 302 Found Server: Apache-Coyote/1.1 Location: https://my.server.com/de/social/endpoint?hauth.done=LinkedIn&oauth_token=78--65d791f2-16ac-403b-a227-e2425cf04094&oauth_verifier=95756 Content-Language: en-US Content-Encoding: gzip Vary: Accept-Encoding Date: Fri, 27 Nov 2015 14:39:43 GMT X-FS-UUID: e471085106961a14c0c013c9722b0000 x-content-type-options: nosniff X-Li-Fabric: prod-ltx1 Strict-Transport-Security: max-age=0 Set-Cookie: _lipt=deleteMe; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ lang="v=2&lang=en-us"; Version=1; Domain=linkedin.com; Path=/ Pragma: no-cache Expires: Thu, 01 Jan 1970 00:00:00 GMT Cache-Control: no-cache, no-store Transfer-Encoding: chunked Connection: keep-alive X-Li-Pop: prod-tln1 X-LI-UUID: 5HEIUQaWGhTAwBPJcisAAA==

所有回复 (1)

more options

PS: the same process works fine in Chrome