Chrome无法按预期在HTTPS上处理“ 308-永久重定向”重定向

时间:2019-07-18 13:53:11

标签: google-chrome nginx redirect https sinatra

我正在Ninax反向代理服务器后面的Sinatra上运行Web服务器。要求所有HTTP请求都重定向到HTTPS,所以这是我当前的配置。

map $http_upgrade $connection_upgrade {                                            
    default Upgrade;                                                               
    '' close;                                                                      
}                                                                                  

## Listen on port 80 for HTTP requests, redirect to https                          
server {                                                       
    listen 80 default;                                                             
    listen [::]:80 default;                                                        
    return 308 https://$host$request_uri;                                          
}                                                                                  


## Use HTTPS when requests are made                                                
server {                                                                           
  listen 443 ssl;                                                                  

  # don't allow old ssl protocols                                                  
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;                                             

  # ensure that our ciphers are preferred, and give a list of preferred ciphers    
  ssl_prefer_server_ciphers on;                                                    
  ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;        

  # enable session tickets                                                         
  ssl_session_tickets on;                                                          

  # TLS session cache 4 hours, 40 MB                                               
  ssl_session_cache   shared:SSL:40m;                                              
  ssl_session_timeout 4h;                                                          

  ssl_certificate /data/projects/cloudpeel-next/cloudpeel.crt;                     
  ssl_certificate_key /data/projects/cloudpeel-next/cloudpeel.key;                 

  location / {                                                                     
    proxy_pass http://localhost:4567;                                              
    proxy_http_version 1.1;                                                        
    proxy_set_header Upgrade $http_upgrade;                                        
    proxy_set_header Connection $connection_upgrade;                               
    proxy_set_header Host $host;                                                   
    proxy_set_header X-Real-IP $remote_addr;                                      
  }                                                                                
}                                                                                  

在大多数情况下,这很有用,除非客户端发出了POST请求。理想情况下,应该将308(或307)重定向保留在POST数据中,并再次请求客户端请求其他地址(在本例中为站点的HTTPS版本)。

但是,在Chrome中发生的是处理了请求(据我所知,它更像是301重定向,并且请求被解释为GET,对此我的后端有不同的行为,会将用户重定向到页面不正确。

我尝试使用返回301和307,但均未产生期望的结果。

奇怪的是,当在Edge和Firefox中进行测试时,该应用程序可以按预期运行。

开发人员中的网络选项卡显示以下内容:POST尝试的303代码和308 GET,这不是所需的行为。在Firefox中,仅显示代码200。我在Nginx配置中可以做些什么吗?

编辑:我尝试将Nginx中的重定向更改为301,并且Firefox仍然可以按预期运行,而Chrome仍然损坏。

1 个答案:

答案 0 :(得分:0)

好吧,我发现了我的问题。我编辑了location / {}块,这终于使它对我有用-希望它对某人有帮助!

map $http_upgrade $connection_upgrade {
        default Upgrade;
        '' close;
}

## Listen on port 80 for HTTP requests, redirect to https
server {
    listen 80 default_server;
    server_name localhost;
    return 301 https://$host$request_uri;
}


## Use HTTPS when requests are made
server {
  listen 443 ssl;

  # don't allow old ssl protocols
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

  # ensure that our ciphers are preferred, and give a list of preferred ciphers
  ssl_prefer_server_ciphers on;
  ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;

  # enable session tickets
  ssl_session_tickets on;

  # TLS session cache 4 hours, 40 MB
  ssl_session_cache   shared:SSL:40m;
  ssl_session_timeout 4h;

  ssl_certificate /etc/ssl/certs/cloudpeel.crt;
  ssl_certificate_key /etc/ssl/certs/cloudpeel.key;

  location / {

    #HTTPS Config
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-SSL on;
    proxy_set_header X-Forwarded-Proto https;
    proxy_set_header Host $http_host;
    proxy_redirect off;

    proxy_pass http://localhost:4567;
    #WebSocket config
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
    #proxy_set_header X-Real-IP $remote_addr;

  }
}