IIS的ARR模块正在更改302重定向的Location标头。

huangapple
go评论85阅读模式
英文:

IIS' ARR module is changing the Location header of a 302 Redirect

问题

我的后端是一个使用NodeJS构建的服务器,具有以下CORS配置:

  1. app.use(cors({
  2.     origin: ['https://example.com', 'https://destination.com'],
  3.     allowedHeaders: ['Origin','Accept','X-Requested-With','Content-Type']
  4. }));

当NodeJS后端发送一个302 Found响应时,IIS会替换位置;一个重定向到destination.com/endpoint?p=v会变成example.com/endpoint?p=v。以下是来自IIS“失败请求跟踪”的日志:

  1. 135. NOTIFY_MODULE_START ModuleName="ApplicationRequestRouting", Notification="EXECUTE_REQUEST_HANDLER", fIsPostNotification="false" 01:16:27.109 
  2. 136. ARR_REQUEST_HEADERS_START  01:16:27.109 
  3. 137. ARR_REQUEST_HEADERS_END  01:16:27.125 
  4. 138. ARR_RESPONSE_HEADERS_START  01:16:27.125 
  5. 139. ARR_RESPONSE_HEADERS_END  01:16:27.125 
  6. 140. MODULE_SET_RESPONSE_SUCCESS_STATUS ModuleName="ApplicationRequestRouting", Notification="EXECUTE_REQUEST_HANDLER", HttpStatus="302", HttpReason="Found" 01:16:27.125 
  7. 141. GENERAL_SET_RESPONSE_HEADER HeaderName="Content-Length", HeaderValue="0", Replace="true" 01:16:27.125 
  8. 142. GENERAL_SET_RESPONSE_HEADER HeaderName="Location", HeaderValue="https://destination.com/foo/bar?p=v", Replace="true" 01:16:27.125 
  9. 143. GENERAL_SET_RESPONSE_HEADER HeaderName="Vary", HeaderValue="Origin", Replace="true" 01:16:27.125 
  10. 144. GENERAL_SET_RESPONSE_HEADER HeaderName="X-Powered-By", HeaderValue="Express", Replace="false" 01:16:27.125 
  11. 145. GENERAL_SET_RESPONSE_HEADER HeaderName="Location", HeaderValue="https://example.com/foo/bar?p=v", Replace="true" 01:16:27.125 
  12. 146. GENERAL_SET_RESPONSE_HEADER HeaderName="X-Powered-By", HeaderValue="ARR/3.0", Replace="false" 01:16:27.125 
  13. 147. NOTIFY_MODULE_END ModuleName="ApplicationRequestRouting", Notification="EXECUTE_REQUEST_HANDLER", fIsPostNotificationEvent="false", NotificationStatus="1" 01:16:27.125 
  14. 148. NOTIFY_MODULE_COMPLETION ModuleName="ApplicationRequestRouting", Notification="EXECUTE_REQUEST_HANDLER", fIsPostNotificationEvent="false", CompletionBytes="0", ErrorCode="The operation completed successfully.
  15.  (0x0)" 01:16:27.125 
  16. 149. ARR_RESPONSE_ENTITY_START  01:16:27.125 
  17. 150. ARR_RESPONSE_ENTITY_END Bytes="0" 01:16:27.125 
  18. 151. NOTIFY_MODULE_END ModuleName="ApplicationRequestRouting", Notification="EXECUTE_REQUEST_HANDLER", fIsPostNotificationEvent="false", NotificationStatus="1" 01:16:27.125 
  19. 152. NOTIFY_MODULE_COMPLETION ModuleName="ApplicationRequestRouting", Notification="EXECUTE_REQUEST_HANDLER", fIsPostNotificationEvent="false", CompletionBytes="0", ErrorCode="The operation completed successfully.
  20.  (0x0)" 01:16:27.125 
  21. 153. NOTIFY_MODULE_END ModuleName="ApplicationRequestRouting", Notification="EXECUTE_REQUEST_HANDLER", fIsPostNotificationEvent="false", NotificationStatus="NOTIFICATION_CONTINUE"

以下是现有的重写规则:

  1. <rules>
  2. 	<clear />
  3. 	<rule name="Upgrade" enabled="true" stopProcessing="true">
  4. 		<match url="(.*)" />
  5. 		<conditions logicalGrouping="MatchAll" trackAllCaptures="false">
  6. 			<add input="{HTTPS}" pattern="^OFF$" />
  7. 			<add input="{REQUEST_METHOD}" pattern="POST" negate="true" />
  8. 			<add input="{REQUEST_METHOD}" pattern="FOUND" negate="true" />
  9. 		</conditions>
  10. 		<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" />
  11. 	</rule>
  12. 	<rule name="Backend" stopProcessing="true">
  13. 		<match url="backend/(.*)" />
  14. 		<action type="Rewrite" url="http://localhost:3001/{R:1}" />
  15. 	</rule>
  16. 	<rule name="React Router" enabled="true" stopProcessing="true">
  17. 		<match url=".*" />
  18. 		<conditions logicalGrouping="MatchAll">
  19. 			<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
  20. 			<add input="{REQUEST_URI}" matchType="IsDirectory" negate="true" />
  21. 		</conditions>
  22. 		<action type="Rewrite" url="index.html" />
  23. 	</rule>
  24. </rules>

没有其他带有规则的ARR模块。IIS需要配置CORS吗?谢谢

英文:

My backend is a NodeJS server with the following CORS configuration:

  1.     app.use(cors({
  2.         origin: [&#39;https://example.com, &#39;https://destination.com&#39;],
  3.         allowedHeaders: [&#39;Origin&#39;,&#39;Accept&#39;,&#39;X-Requested-With&#39;,&#39;Content-Type&#39;]
  4.     }));

When the NodeJS backend sends a 302 Found response, IIS replaces the location; a redirect to destination.com/endpoint?p=v changes to example.com/endpoint?p=v. Here are the logs from IIS' Failed Request Tracing:

  1. 135. NOTIFY_MODULE_START ModuleName=&quot;ApplicationRequestRouting&quot;, Notification=&quot;EXECUTE_REQUEST_HANDLER&quot;, fIsPostNotification=&quot;false&quot; 01:16:27.109 
  2. 136. ARR_REQUEST_HEADERS_START  01:16:27.109 
  3. 137. ARR_REQUEST_HEADERS_END  01:16:27.125 
  4. 138. ARR_RESPONSE_HEADERS_START  01:16:27.125 
  5. 139. ARR_RESPONSE_HEADERS_END  01:16:27.125 
  6. 140. MODULE_SET_RESPONSE_SUCCESS_STATUS ModuleName=&quot;ApplicationRequestRouting&quot;, Notification=&quot;EXECUTE_REQUEST_HANDLER&quot;, HttpStatus=&quot;302&quot;, HttpReason=&quot;Found&quot; 01:16:27.125 
  7. 141. GENERAL_SET_RESPONSE_HEADER HeaderName=&quot;Content-Length&quot;, HeaderValue=&quot;0&quot;, Replace=&quot;true&quot; 01:16:27.125 
  8. 142. GENERAL_SET_RESPONSE_HEADER HeaderName=&quot;Location&quot;, HeaderValue=&quot;https://destination.com/foo/bar?p=v&quot;, Replace=&quot;true&quot; 01:16:27.125 
  9. 143. GENERAL_SET_RESPONSE_HEADER HeaderName=&quot;Vary&quot;, HeaderValue=&quot;Origin&quot;, Replace=&quot;true&quot; 01:16:27.125 
  10. 144. GENERAL_SET_RESPONSE_HEADER HeaderName=&quot;X-Powered-By&quot;, HeaderValue=&quot;Express&quot;, Replace=&quot;false&quot; 01:16:27.125 
  11. 145. GENERAL_SET_RESPONSE_HEADER HeaderName=&quot;Location&quot;, HeaderValue=&quot;https://example.com/foo/bar?p=v&quot;, Replace=&quot;true&quot; 01:16:27.125 
  12. 146. GENERAL_SET_RESPONSE_HEADER HeaderName=&quot;X-Powered-By&quot;, HeaderValue=&quot;ARR/3.0&quot;, Replace=&quot;false&quot; 01:16:27.125 
  13. 147. NOTIFY_MODULE_END ModuleName=&quot;ApplicationRequestRouting&quot;, Notification=&quot;EXECUTE_REQUEST_HANDLER&quot;, fIsPostNotificationEvent=&quot;false&quot;, NotificationStatus=&quot;1&quot; 01:16:27.125 
  14. 148. NOTIFY_MODULE_COMPLETION ModuleName=&quot;ApplicationRequestRouting&quot;, Notification=&quot;EXECUTE_REQUEST_HANDLER&quot;, fIsPostNotificationEvent=&quot;false&quot;, CompletionBytes=&quot;0&quot;, ErrorCode=&quot;The operation completed successfully.
  15.  (0x0)&quot; 01:16:27.125 
  16. 149. ARR_RESPONSE_ENTITY_START  01:16:27.125 
  17. 150. ARR_RESPONSE_ENTITY_END Bytes=&quot;0&quot; 01:16:27.125 
  18. 151. NOTIFY_MODULE_END ModuleName=&quot;ApplicationRequestRouting&quot;, Notification=&quot;EXECUTE_REQUEST_HANDLER&quot;, fIsPostNotificationEvent=&quot;false&quot;, NotificationStatus=&quot;1&quot; 01:16:27.125 
  19. 152. NOTIFY_MODULE_COMPLETION ModuleName=&quot;ApplicationRequestRouting&quot;, Notification=&quot;EXECUTE_REQUEST_HANDLER&quot;, fIsPostNotificationEvent=&quot;false&quot;, CompletionBytes=&quot;0&quot;, ErrorCode=&quot;The operation completed successfully.
  20.  (0x0)&quot; 01:16:27.125 
  21. 153. NOTIFY_MODULE_END ModuleName=&quot;ApplicationRequestRouting&quot;, Notification=&quot;EXECUTE_REQUEST_HANDLER&quot;, fIsPostNotificationEvent=&quot;false&quot;, NotificationStatus=&quot;NOTIFICATION_CONTINUE&quot;

These are the existing rewrite rules:

  1. &lt;rules&gt;
  2. 	&lt;clear /&gt;
  3. 	&lt;rule name=&quot;Upgrade&quot; enabled=&quot;true&quot; stopProcessing=&quot;true&quot;&gt;
  4. 		&lt;match url=&quot;(.*)&quot; /&gt;
  5. 		&lt;conditions logicalGrouping=&quot;MatchAll&quot; trackAllCaptures=&quot;false&quot;&gt;
  6. 			&lt;add input=&quot;{HTTPS}&quot; pattern=&quot;^OFF$&quot; /&gt;
  7. 			&lt;add input=&quot;{REQUEST_METHOD}&quot; pattern=&quot;POST&quot; negate=&quot;true&quot; /&gt;
  8.                         &lt;add input=&quot;{REQUEST_METHOD}&quot; pattern=&quot;FOUND&quot; negate=&quot;true&quot; /&gt;
  9. 		&lt;/conditions&gt;
  10. 		&lt;action type=&quot;Redirect&quot; url=&quot;https://{HTTP_HOST}{REQUEST_URI}&quot; /&gt;
  11. 	&lt;/rule&gt;
  12. 	&lt;rule name=&quot;Backend&quot; stopProcessing=&quot;true&quot;&gt;
  13. 		&lt;match url=&quot;backend/(.*)&quot; /&gt;
  14. 		&lt;action type=&quot;Rewrite&quot; url=&quot;http://localhost:3001/{R:1}&quot; /&gt;
  15. 	&lt;/rule&gt;
  16. 	&lt;rule name=&quot;React Router&quot; enabled=&quot;true&quot; stopProcessing=&quot;true&quot;&gt;
  17. 		&lt;match url=&quot;.*&quot; /&gt;
  18. 		&lt;conditions logicalGrouping=&quot;MatchAll&quot;&gt;
  19. &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; 	&lt;add input=&quot;{REQUEST_FILENAME}&quot; matchType=&quot;IsFile&quot; negate=&quot;true&quot; /&gt;
  20. &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &lt;add input=&quot;{REQUEST_URI}&quot; matchType=&quot;IsDirectory&quot; negate=&quot;true&quot; /&gt;
  21. &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &lt;/conditions&gt;
  22. 		&lt;action type=&quot;Rewrite&quot; url=&quot;index.html&quot; /&gt;
  23. 	&lt;/rule&gt;
  24. &lt;/rules&gt;

There are no other ARR modules with rules in place.

Does IIS need to be configured for CORS? Thanks

答案1

得分: 1

前往您服务器的 IIS 'Home' 页面,然后打开 'Application Request Routing Cache'。在服务器代理设置中有一个标有 'Reverse rewrite host in response headers' 的选项。取消选中该选项解决了我的问题。

英文:

Go to the IIS 'Home' page for your server and open 'Application Request Routing Cache'. There's an option in Server Proxy Settings labelled 'Reverse rewrite host in response headers'. Unchecking that option solved my problem.

huangapple
  • 本文由 发表于 2023年6月29日 10:34:05
  • 转载请务必保留本文链接:https://go.coder-hub.com/76577735.html
  • arr
  • cors
  • iis
  • redirect
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定