如何诊断重定向无限循环
How to diagnose Redirect infinite loop
我们不得不从 servicestack v5.4 免费版降级回 v4.5.14 付费版。进行降级编译所需的唯一更改是服务代码中的一行:
v5.4 代码:
[FallbackRoute("/{PathInfo*}", Matches="AcceptsHtml")]
v4.5.14代码:
[FallbackRoute("/{PathInfo*}")]
我还没有弄清楚如何在 4.5.14 中实现 'matches' 部分,但是代码似乎仍然 运行 并且从服务 运行 的 VS2017 启动时s 作为命令行 web 服务,但是间歇性地出现 infinite-redirect。在应用程序 运行 作为 windows 服务的产品中,无限重定向在 100% 的时间内发生。
结果是当我访问url:
https://server.domain.com:port
应该简单地重定向到:
https://server.domain.com:port/login
这是怎么回事:
https://server.domain.com:9797/login?redirect=https%3a%2f%2fserver.domain.com%3a9797%2flogin%3fredirect%3dhttps%253a%252f%252fserver.domain.com%253a9797%252flogin%253fredirect%253dhttps%25253a%25252f%25252fserver.domain.com%25253a9797%25252flogin%25253fredirect%25253dhttps%2525253a%2525252f%2525252fserver.domain.com%2525253a9797%2525252flogin%2525253fredirect%2525253dhttps%252525253a%252525252f%252525252fserver.domain.com%252525253a9797%252525252flogin%252525253fredirect%252525253dhttps%25252525253a%25252525252f%25252525252fserver.domain.com%25252525253a9797%25252525252flogin%25252525253fredirect%25252525253dhttps%2525252525253a%2525252525252f%2525252525252fserver.domain.com%2525252525253a9797%2525252525252flogin%2525252525253fredirect%2525252525253dhttps%252525252525253a%252525252525252f%252525252525252fserver.domain.com%252525252525253a9797%252525252525252flogin%252525252525253fredirect%252525252525253dhttps%25252525252525253a%25252525252525252f%25252525252525252fserver.domain.com%25252525252525253a9797%25252525252525252flogin%25252525252525253fredirect%25252525252525253dhttps%2525252525252525253a%2525252525252525252f%2525252525252525252fserver.domain.com%2525252525252525253a9797%2525252525252525252flogin%2525252525252525253fredirect%2525252525252525253dhttps%252525252525252525253a%252525252525252525252f%252525252525252525252fserver.domain.com%252525252525252525253a9797%252525252525252525252flogin%252525252525252525253fredirect%252525252525252525253dhttps%25252525252525252525253a%25252525252525252525252f%25252525252525252525252fserver.domain.com%25252525252525252525253a9797%25252525252525252525252flogin%25252525252525252525253fredirect%25252525252525252525253dhttps%2525252525252525252525253a%2525252525252525252525252f%2525252525252525252525252fserver.domain.com%2525252525252525252525253a9797%2525252525252525252525252flogin%2525252525252525252525253fredirect%2525252525252525252525253dhttps%252525252525252525252525253a%252525252525252525252525252f%252525252525252525252525252fserver.petersc
有人以前看过这个吗?任何关于从哪里开始调试的建议都将不胜感激。
更多信息
所以我尝试从我的服务中删除 Authenticate 属性,看看循环是由身份验证还是其他原因引起的。结果是导致循环的身份验证。一旦我注释掉该属性,一切都按预期工作。
更新
我这个循环肯定是AuthenticateAttribute引起的。
我注释掉了 'url = url.AddQueryParam(...' 行,这样我就不会得到一个巨大的垃圾查询字符串,希望能解决问题。但似乎还有其他地方不对。以下是初始请求中的 headers。
GET https://myServer.myDomain.com:9797/ HTTP/1.1
Host: myServer.myDomain.com:9797
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: ss-pid=qt9Lqb2YvWUu9RzLBlfr
这是回复headers
HTTP/1.1 302 Found
Transfer-Encoding: chunked
Location: https://myServer.myDomain.com:9797/login
Vary: Accept
Server: Microsoft-HTTPAPI/2.0
Set-Cookie: ss-pid=kczdbSouUzx6aURug3ZU;path=/;expires=Fri, 01 Apr 2039 21:24:01 GMT;HttpOnly
Set-Cookie: ss-id=nAQeqGptASLQ1fZj4xs7;path=/;HttpOnly
X-Powered-By: ServiceStack/4.514 NET45 Win32NT/.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, PATCH, OPTIONS
Access-Control-Allow-Headers: Content-Type
Date: Mon, 01 Apr 2019 21:24:01 GMT
在第一个请求之后,大约有 60 个重定向,它们看起来都像:
要求:
GET https://myServer.myDomain.com:9797/login HTTP/1.1
Host: myServer.myDomain.com:9797
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: ss-pid=kczdbSouUzx6aURug3ZU; ss-id=nAQeqGptASLQ1fZj4xs7
回复:
HTTP/1.1 302 Found
Transfer-Encoding: chunked
Location: https://windows7vm1.petersco.com:9797/login
Vary: Accept
Server: Microsoft-HTTPAPI/2.0
X-Powered-By: ServiceStack/4.514 NET45 Win32NT/.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, PATCH, OPTIONS
Access-Control-Allow-Headers: Content-Type
Date: Mon, 01 Apr 2019 21:24:01 GMT
我没有看到任何迹象表明为什么要循环。唯一改变的是 ServiceStack 的版本,为什么一个版本会找到 html 页面而另一个版本找不到?我需要添加一些特别的东西到 v4.5.14 才能让它响应 index.html?
所以我不敢相信 AuthenticateAttribute 会有如此明显的问题,ServiceStack 太成熟太棒了,这不可能是一个错误。因此,使用该假设(通常可以安全地假设您是问题所在,而不是发现其他人都错过的错误的天才),我开始查看路线并将它们与一些旧样本进行比较,以获取 github 并注意到其中 none 定义了 FallbackRoute。
这对我来说似乎很奇怪,但考虑到我不知道该功能最初是如何成为 v5.* 模板的一部分的历史,我认为删除这些行可能会奏效。确实如此。
删除这个:
[FallbackRoute("/{PathInfo*}"]
public class FallbackForClientRoutes
{
public string PathInfo { get; set; }
}
还有这个:
public object Any(FallbackForClientRoutes request) =>
new PageResult(Request.GetPage("/"));
使一切恢复正常,导航到基础 url 重定向到 ~login 并且所有 api 方法都重新进行身份验证。我已经失去了直接导航到 URL 的能力,比如 http://myServer.myDomain.com:port/ListCompanies...但我猜这也与路由有关(所以要做更多的功课)。
我们不得不从 servicestack v5.4 免费版降级回 v4.5.14 付费版。进行降级编译所需的唯一更改是服务代码中的一行:
v5.4 代码:
[FallbackRoute("/{PathInfo*}", Matches="AcceptsHtml")]
v4.5.14代码:
[FallbackRoute("/{PathInfo*}")]
我还没有弄清楚如何在 4.5.14 中实现 'matches' 部分,但是代码似乎仍然 运行 并且从服务 运行 的 VS2017 启动时s 作为命令行 web 服务,但是间歇性地出现 infinite-redirect。在应用程序 运行 作为 windows 服务的产品中,无限重定向在 100% 的时间内发生。
结果是当我访问url:
https://server.domain.com:port
应该简单地重定向到:
https://server.domain.com:port/login
这是怎么回事:
https://server.domain.com:9797/login?redirect=https%3a%2f%2fserver.domain.com%3a9797%2flogin%3fredirect%3dhttps%253a%252f%252fserver.domain.com%253a9797%252flogin%253fredirect%253dhttps%25253a%25252f%25252fserver.domain.com%25253a9797%25252flogin%25253fredirect%25253dhttps%2525253a%2525252f%2525252fserver.domain.com%2525253a9797%2525252flogin%2525253fredirect%2525253dhttps%252525253a%252525252f%252525252fserver.domain.com%252525253a9797%252525252flogin%252525253fredirect%252525253dhttps%25252525253a%25252525252f%25252525252fserver.domain.com%25252525253a9797%25252525252flogin%25252525253fredirect%25252525253dhttps%2525252525253a%2525252525252f%2525252525252fserver.domain.com%2525252525253a9797%2525252525252flogin%2525252525253fredirect%2525252525253dhttps%252525252525253a%252525252525252f%252525252525252fserver.domain.com%252525252525253a9797%252525252525252flogin%252525252525253fredirect%252525252525253dhttps%25252525252525253a%25252525252525252f%25252525252525252fserver.domain.com%25252525252525253a9797%25252525252525252flogin%25252525252525253fredirect%25252525252525253dhttps%2525252525252525253a%2525252525252525252f%2525252525252525252fserver.domain.com%2525252525252525253a9797%2525252525252525252flogin%2525252525252525253fredirect%2525252525252525253dhttps%252525252525252525253a%252525252525252525252f%252525252525252525252fserver.domain.com%252525252525252525253a9797%252525252525252525252flogin%252525252525252525253fredirect%252525252525252525253dhttps%25252525252525252525253a%25252525252525252525252f%25252525252525252525252fserver.domain.com%25252525252525252525253a9797%25252525252525252525252flogin%25252525252525252525253fredirect%25252525252525252525253dhttps%2525252525252525252525253a%2525252525252525252525252f%2525252525252525252525252fserver.domain.com%2525252525252525252525253a9797%2525252525252525252525252flogin%2525252525252525252525253fredirect%2525252525252525252525253dhttps%252525252525252525252525253a%252525252525252525252525252f%252525252525252525252525252fserver.petersc
有人以前看过这个吗?任何关于从哪里开始调试的建议都将不胜感激。
更多信息
所以我尝试从我的服务中删除 Authenticate 属性,看看循环是由身份验证还是其他原因引起的。结果是导致循环的身份验证。一旦我注释掉该属性,一切都按预期工作。
更新
我这个循环肯定是AuthenticateAttribute引起的。 我注释掉了 'url = url.AddQueryParam(...' 行,这样我就不会得到一个巨大的垃圾查询字符串,希望能解决问题。但似乎还有其他地方不对。以下是初始请求中的 headers。
GET https://myServer.myDomain.com:9797/ HTTP/1.1
Host: myServer.myDomain.com:9797
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: ss-pid=qt9Lqb2YvWUu9RzLBlfr
这是回复headers
HTTP/1.1 302 Found
Transfer-Encoding: chunked
Location: https://myServer.myDomain.com:9797/login
Vary: Accept
Server: Microsoft-HTTPAPI/2.0
Set-Cookie: ss-pid=kczdbSouUzx6aURug3ZU;path=/;expires=Fri, 01 Apr 2039 21:24:01 GMT;HttpOnly
Set-Cookie: ss-id=nAQeqGptASLQ1fZj4xs7;path=/;HttpOnly
X-Powered-By: ServiceStack/4.514 NET45 Win32NT/.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, PATCH, OPTIONS
Access-Control-Allow-Headers: Content-Type
Date: Mon, 01 Apr 2019 21:24:01 GMT
在第一个请求之后,大约有 60 个重定向,它们看起来都像:
要求:
GET https://myServer.myDomain.com:9797/login HTTP/1.1
Host: myServer.myDomain.com:9797
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: ss-pid=kczdbSouUzx6aURug3ZU; ss-id=nAQeqGptASLQ1fZj4xs7
回复:
HTTP/1.1 302 Found
Transfer-Encoding: chunked
Location: https://windows7vm1.petersco.com:9797/login
Vary: Accept
Server: Microsoft-HTTPAPI/2.0
X-Powered-By: ServiceStack/4.514 NET45 Win32NT/.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, PATCH, OPTIONS
Access-Control-Allow-Headers: Content-Type
Date: Mon, 01 Apr 2019 21:24:01 GMT
我没有看到任何迹象表明为什么要循环。唯一改变的是 ServiceStack 的版本,为什么一个版本会找到 html 页面而另一个版本找不到?我需要添加一些特别的东西到 v4.5.14 才能让它响应 index.html?
所以我不敢相信 AuthenticateAttribute 会有如此明显的问题,ServiceStack 太成熟太棒了,这不可能是一个错误。因此,使用该假设(通常可以安全地假设您是问题所在,而不是发现其他人都错过的错误的天才),我开始查看路线并将它们与一些旧样本进行比较,以获取 github 并注意到其中 none 定义了 FallbackRoute。
这对我来说似乎很奇怪,但考虑到我不知道该功能最初是如何成为 v5.* 模板的一部分的历史,我认为删除这些行可能会奏效。确实如此。
删除这个:
[FallbackRoute("/{PathInfo*}"]
public class FallbackForClientRoutes
{
public string PathInfo { get; set; }
}
还有这个:
public object Any(FallbackForClientRoutes request) =>
new PageResult(Request.GetPage("/"));
使一切恢复正常,导航到基础 url 重定向到 ~login 并且所有 api 方法都重新进行身份验证。我已经失去了直接导航到 URL 的能力,比如 http://myServer.myDomain.com:port/ListCompanies...但我猜这也与路由有关(所以要做更多的功课)。