IIS的ARR模块正在更改302重定向的Location标头。

huangapple go评论59阅读模式
英文:

IIS' ARR module is changing the Location header of a 302 Redirect

问题

我的后端是一个使用NodeJS构建的服务器,具有以下CORS配置:

app.use(cors({
    origin: ['https://example.com', 'https://destination.com'],
    allowedHeaders: ['Origin','Accept','X-Requested-With','Content-Type']
}));

当NodeJS后端发送一个302 Found响应时,IIS会替换位置;一个重定向到destination.com/endpoint?p=v会变成example.com/endpoint?p=v。以下是来自IIS“失败请求跟踪”的日志:

135. NOTIFY_MODULE_START ModuleName="ApplicationRequestRouting", Notification="EXECUTE_REQUEST_HANDLER", fIsPostNotification="false" 01:16:27.109 
136. ARR_REQUEST_HEADERS_START  01:16:27.109 
137. ARR_REQUEST_HEADERS_END  01:16:27.125 
138. ARR_RESPONSE_HEADERS_START  01:16:27.125 
139. ARR_RESPONSE_HEADERS_END  01:16:27.125 
140. MODULE_SET_RESPONSE_SUCCESS_STATUS ModuleName="ApplicationRequestRouting", Notification="EXECUTE_REQUEST_HANDLER", HttpStatus="302", HttpReason="Found" 01:16:27.125 
141. GENERAL_SET_RESPONSE_HEADER HeaderName="Content-Length", HeaderValue="0", Replace="true" 01:16:27.125 
142. GENERAL_SET_RESPONSE_HEADER HeaderName="Location", HeaderValue="https://destination.com/foo/bar?p=v", Replace="true" 01:16:27.125 
143. GENERAL_SET_RESPONSE_HEADER HeaderName="Vary", HeaderValue="Origin", Replace="true" 01:16:27.125 
144. GENERAL_SET_RESPONSE_HEADER HeaderName="X-Powered-By", HeaderValue="Express", Replace="false" 01:16:27.125 
145. GENERAL_SET_RESPONSE_HEADER HeaderName="Location", HeaderValue="https://example.com/foo/bar?p=v", Replace="true" 01:16:27.125 
146. GENERAL_SET_RESPONSE_HEADER HeaderName="X-Powered-By", HeaderValue="ARR/3.0", Replace="false" 01:16:27.125 
147. NOTIFY_MODULE_END ModuleName="ApplicationRequestRouting", Notification="EXECUTE_REQUEST_HANDLER", fIsPostNotificationEvent="false", NotificationStatus="1" 01:16:27.125 
148. NOTIFY_MODULE_COMPLETION ModuleName="ApplicationRequestRouting", Notification="EXECUTE_REQUEST_HANDLER", fIsPostNotificationEvent="false", CompletionBytes="0", ErrorCode="The operation completed successfully.
 (0x0)" 01:16:27.125 
149. ARR_RESPONSE_ENTITY_START  01:16:27.125 
150. ARR_RESPONSE_ENTITY_END Bytes="0" 01:16:27.125 
151. NOTIFY_MODULE_END ModuleName="ApplicationRequestRouting", Notification="EXECUTE_REQUEST_HANDLER", fIsPostNotificationEvent="false", NotificationStatus="1" 01:16:27.125 
152. NOTIFY_MODULE_COMPLETION ModuleName="ApplicationRequestRouting", Notification="EXECUTE_REQUEST_HANDLER", fIsPostNotificationEvent="false", CompletionBytes="0", ErrorCode="The operation completed successfully.
 (0x0)" 01:16:27.125 
153. NOTIFY_MODULE_END ModuleName="ApplicationRequestRouting", Notification="EXECUTE_REQUEST_HANDLER", fIsPostNotificationEvent="false", NotificationStatus="NOTIFICATION_CONTINUE" 

以下是现有的重写规则:

<rules>
	<clear />
	<rule name="Upgrade" enabled="true" stopProcessing="true">
		<match url="(.*)" />
		<conditions logicalGrouping="MatchAll" trackAllCaptures="false">
			<add input="{HTTPS}" pattern="^OFF$" />
			<add input="{REQUEST_METHOD}" pattern="POST" negate="true" />
			<add input="{REQUEST_METHOD}" pattern="FOUND" negate="true" />
		</conditions>
		<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" />
	</rule>
	<rule name="Backend" stopProcessing="true">
		<match url="backend/(.*)" />
		<action type="Rewrite" url="http://localhost:3001/{R:1}" />
	</rule>
	<rule name="React Router" enabled="true" stopProcessing="true">
		<match url=".*" />
		<conditions logicalGrouping="MatchAll">
			<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
			<add input="{REQUEST_URI}" matchType="IsDirectory" negate="true" />
		</conditions>
		<action type="Rewrite" url="index.html" />
	</rule>
</rules>

没有其他带有规则的ARR模块。IIS需要配置CORS吗?谢谢

英文:

My backend is a NodeJS server with the following CORS configuration:

    app.use(cors({
        origin: [&#39;https://example.com, &#39;https://destination.com&#39;],
        allowedHeaders: [&#39;Origin&#39;,&#39;Accept&#39;,&#39;X-Requested-With&#39;,&#39;Content-Type&#39;]
    }));

When the NodeJS backend sends a 302 Found response, IIS replaces the location; a redirect to destination.com/endpoint?p=v changes to example.com/endpoint?p=v. Here are the logs from IIS' Failed Request Tracing:

135. NOTIFY_MODULE_START ModuleName=&quot;ApplicationRequestRouting&quot;, Notification=&quot;EXECUTE_REQUEST_HANDLER&quot;, fIsPostNotification=&quot;false&quot; 01:16:27.109 
136. ARR_REQUEST_HEADERS_START  01:16:27.109 
137. ARR_REQUEST_HEADERS_END  01:16:27.125 
138. ARR_RESPONSE_HEADERS_START  01:16:27.125 
139. ARR_RESPONSE_HEADERS_END  01:16:27.125 
140. MODULE_SET_RESPONSE_SUCCESS_STATUS ModuleName=&quot;ApplicationRequestRouting&quot;, Notification=&quot;EXECUTE_REQUEST_HANDLER&quot;, HttpStatus=&quot;302&quot;, HttpReason=&quot;Found&quot; 01:16:27.125 
141. GENERAL_SET_RESPONSE_HEADER HeaderName=&quot;Content-Length&quot;, HeaderValue=&quot;0&quot;, Replace=&quot;true&quot; 01:16:27.125 
142. GENERAL_SET_RESPONSE_HEADER HeaderName=&quot;Location&quot;, HeaderValue=&quot;https://destination.com/foo/bar?p=v&quot;, Replace=&quot;true&quot; 01:16:27.125 
143. GENERAL_SET_RESPONSE_HEADER HeaderName=&quot;Vary&quot;, HeaderValue=&quot;Origin&quot;, Replace=&quot;true&quot; 01:16:27.125 
144. GENERAL_SET_RESPONSE_HEADER HeaderName=&quot;X-Powered-By&quot;, HeaderValue=&quot;Express&quot;, Replace=&quot;false&quot; 01:16:27.125 
145. GENERAL_SET_RESPONSE_HEADER HeaderName=&quot;Location&quot;, HeaderValue=&quot;https://example.com/foo/bar?p=v&quot;, Replace=&quot;true&quot; 01:16:27.125 
146. GENERAL_SET_RESPONSE_HEADER HeaderName=&quot;X-Powered-By&quot;, HeaderValue=&quot;ARR/3.0&quot;, Replace=&quot;false&quot; 01:16:27.125 
147. NOTIFY_MODULE_END ModuleName=&quot;ApplicationRequestRouting&quot;, Notification=&quot;EXECUTE_REQUEST_HANDLER&quot;, fIsPostNotificationEvent=&quot;false&quot;, NotificationStatus=&quot;1&quot; 01:16:27.125 
148. NOTIFY_MODULE_COMPLETION ModuleName=&quot;ApplicationRequestRouting&quot;, Notification=&quot;EXECUTE_REQUEST_HANDLER&quot;, fIsPostNotificationEvent=&quot;false&quot;, CompletionBytes=&quot;0&quot;, ErrorCode=&quot;The operation completed successfully.
 (0x0)&quot; 01:16:27.125 
149. ARR_RESPONSE_ENTITY_START  01:16:27.125 
150. ARR_RESPONSE_ENTITY_END Bytes=&quot;0&quot; 01:16:27.125 
151. NOTIFY_MODULE_END ModuleName=&quot;ApplicationRequestRouting&quot;, Notification=&quot;EXECUTE_REQUEST_HANDLER&quot;, fIsPostNotificationEvent=&quot;false&quot;, NotificationStatus=&quot;1&quot; 01:16:27.125 
152. NOTIFY_MODULE_COMPLETION ModuleName=&quot;ApplicationRequestRouting&quot;, Notification=&quot;EXECUTE_REQUEST_HANDLER&quot;, fIsPostNotificationEvent=&quot;false&quot;, CompletionBytes=&quot;0&quot;, ErrorCode=&quot;The operation completed successfully.
 (0x0)&quot; 01:16:27.125 
153. NOTIFY_MODULE_END ModuleName=&quot;ApplicationRequestRouting&quot;, Notification=&quot;EXECUTE_REQUEST_HANDLER&quot;, fIsPostNotificationEvent=&quot;false&quot;, NotificationStatus=&quot;NOTIFICATION_CONTINUE&quot; 

These are the existing rewrite rules:

&lt;rules&gt;
	&lt;clear /&gt;
	&lt;rule name=&quot;Upgrade&quot; enabled=&quot;true&quot; stopProcessing=&quot;true&quot;&gt;
		&lt;match url=&quot;(.*)&quot; /&gt;
		&lt;conditions logicalGrouping=&quot;MatchAll&quot; trackAllCaptures=&quot;false&quot;&gt;
			&lt;add input=&quot;{HTTPS}&quot; pattern=&quot;^OFF$&quot; /&gt;
			&lt;add input=&quot;{REQUEST_METHOD}&quot; pattern=&quot;POST&quot; negate=&quot;true&quot; /&gt;
                        &lt;add input=&quot;{REQUEST_METHOD}&quot; pattern=&quot;FOUND&quot; negate=&quot;true&quot; /&gt;
		&lt;/conditions&gt;
		&lt;action type=&quot;Redirect&quot; url=&quot;https://{HTTP_HOST}{REQUEST_URI}&quot; /&gt;
	&lt;/rule&gt;
	&lt;rule name=&quot;Backend&quot; stopProcessing=&quot;true&quot;&gt;
		&lt;match url=&quot;backend/(.*)&quot; /&gt;
		&lt;action type=&quot;Rewrite&quot; url=&quot;http://localhost:3001/{R:1}&quot; /&gt;
	&lt;/rule&gt;
	&lt;rule name=&quot;React Router&quot; enabled=&quot;true&quot; stopProcessing=&quot;true&quot;&gt;
		&lt;match url=&quot;.*&quot; /&gt;
		&lt;conditions logicalGrouping=&quot;MatchAll&quot;&gt;
&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; 	&lt;add input=&quot;{REQUEST_FILENAME}&quot; matchType=&quot;IsFile&quot; negate=&quot;true&quot; /&gt;
&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &lt;add input=&quot;{REQUEST_URI}&quot; matchType=&quot;IsDirectory&quot; negate=&quot;true&quot; /&gt;
&#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &lt;/conditions&gt;
		&lt;action type=&quot;Rewrite&quot; url=&quot;index.html&quot; /&gt;
	&lt;/rule&gt;
&lt;/rules&gt;

There are no other ARR modules with rules in place.

Does IIS need to be configured for CORS? Thanks

答案1

得分: 1

前往您服务器的 IIS 'Home' 页面,然后打开 'Application Request Routing Cache'。在服务器代理设置中有一个标有 'Reverse rewrite host in response headers' 的选项。取消选中该选项解决了我的问题。

英文:

Go to the IIS 'Home' page for your server and open 'Application Request Routing Cache'. There's an option in Server Proxy Settings labelled 'Reverse rewrite host in response headers'. Unchecking that option solved my problem.

huangapple
  • 本文由 发表于 2023年6月29日 10:34:05
  • 转载请务必保留本文链接:https://go.coder-hub.com/76577735.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定