IE10和IE11上传无法发送POST数据

 mobiledu2502875315 发布于 2023-02-06 17:27
  • post
  • 文件
  • ip
  • web
  • 服务器
  • iis

    • 我正在尝试POST一个包含隐藏字段和文件并且传输挂起的multipart/form-data.

    Web服务器: 运行IIS 8.0的Windows 2012服务器.

    身份验证:启用Windows(Negotiate&NTLM)

    客户端: Windows 2008 Server/Windows 2012 Server(localhost)Internet Explorer 10.0.12都存在相同的问题

    我有一个在Web服务器上运行的CGI,我检查以确保它可用并响应,然后我发出一个JQuery Ajax请求来发送POST数据.使用Fiddler我看了Web服务器和浏览器进行通信(下面).它挂起在最后一个请求上,它显示内容长度为500,但没有数据.似乎IE正在等待发送它(?).

    在Fiddler中,您可以在发送响应之前修改数据.我试过这个,它不允许编辑.似乎它仍在等待IE继续发送.我尝试关闭Windows身份验证并打开匿名,我没有任何问题.此外,在第一个请求中,我无法重现该问题(它按预期工作)但在后续请求中它是一致的.Chrome,Firefox或IE9及更早版本没有任何问题.我无法确定它是浏览器还是Web服务器.

    请求1 CGI检查

    POST http://www.example.com/test/mycgi.exe/ABC HTTP/1.1
X-Requested-With: XMLHttpRequest
Accept: */*
Referer: http://www.example.com/test/mycgi2.exe/ABC
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Connection: Keep-Alive
Content-Length: 0
DNT: 1
Host: www.example.com
Pragma: no-cache

HTTP/1.1 401 Unauthorized
Content-Type: text/html
Server: Microsoft-IIS/8.0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
X-Powered-By: ASP.NET
Date: Fri, 03 Jan 2014 20:29:28 GMT
Content-Length: 1293
Proxy-Support: Session-Based-Authentication





401 - Unauthorized: Access is denied due to invalid credentials.





    
 
    
  
    401 - Unauthorized: Access is denied due to invalid credentials.
    
  
    You do not have permission to view this directory or page using the credentials that you supplied.
    
 
    

    



    POST http://www.example.com/test/mycgi.exe/ABC HTTP/1.1
X-Requested-With: XMLHttpRequest
Accept: */*
Referer: http://www.example.com/test/mycgi2.exe/ABC
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Connection: Keep-Alive
Content-Length: 0
DNT: 1
Authorization: Negotiate TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw==
Pragma: no-cache
Host: www.example.com


HTTP/1.1 401 Unauthorized
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
WWW-Authenticate: Negotiate TlRMTVNTUAACAAAAEgASADgAAAAVgoniOb3rEHzeNj0AAAAAAAAAAJwAnABKAAAABgLwIwAAAA9MAFIAUwBEAE8ATQBBAEkATgACABIATABSAFMARABPAE0AQQBJAE4AAQAUAFcASQBOAC0AUQBBADIAMAAxADIABAAUAGwAcgBzAGkAbgBjAC4AbwByAGcAAwAqAFcASQBOAC0AUQBBADIAMAAxADIALgBsAHIAcwBpAG4AYwAuAG8AcgBnAAUAFABsAHIAcwBpAG4AYwAuAG8AcgBnAAcACABOH1yAwgjPAQAAAAA=
Date: Fri, 03 Jan 2014 20:29:28 GMT
Content-Length: 341
Proxy-Support: Session-Based-Authentication


Not Authorized


    Not Authorized
    

    HTTP Error 401. The requested resource requires user authentication.
    


    POST http://www.example.com/test/mycgi.exe/ABC HTTP/1.1
X-Requested-With: XMLHttpRequest
Accept: */*
Referer: http://www.example.com/test/mycgi2.exe/ABC
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Connection: Keep-Alive
Content-Length: 0
DNT: 1
Host: www.example.com
Pragma: no-cache
Authorization: Negotiate TlRMTVNTUAADAAAAGAAYAJgAAABEAUQBsAAAABIAEgBYAAAAEAAQAGoAAAAeAB4AegAAABAAEAD0AQAAFYKI4gYBsR0AAAAPuaPj4eFf7hfIoOiAvf0/xWwAcgBzAGQAbwBtAGEAaQBuAGMAcgBhAHcAZgBvAHIAZABXAEkATgAtAEIARAA3ADUANgBJAFAANgA0AE8ARwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdKgld6FBtRxfUcAQJS6yPAQEAAAAAAABOH1yAwgjPAQcXz+RFuDKzAAAAAAIAEgBMAFIAUwBEAE8ATQBBAEkATgABABQAVwBJAE4ALQBRAEEAMgAwADEAMgAEABQAbAByAHMAaQBuAGMALgBvAHIAZwADACoAVwBJAE4ALQBRAEEAMgAwADEAMgAuAGwAcgBzAGkAbgBjAC4AbwByAGcABQAUAGwAcgBzAGkAbgBjAC4AbwByAGcABwAIAE4fXIDCCM8BBgAEAAIAAAAIADAAMAAAAAAAAAAAAAAAADAAAEa6q+B5Lu1yFWYA3Wkqf+iAxY/qnzwZi2pgk0t1XqKNCgAQAAAAAAAAAAAAAAAAAAAAAAAJACAASABUAFQAUAAvADEAMAAuADkANgAuADgALgAxADgANgAAAAAAAAAAAAAAAADYL8orn+roxnPVhMNa1G0w

HTTP/1.1 200 OK
Content-Type: text/html
Server: Microsoft-IIS/8.0
Persistent-Auth: true
X-Powered-By: ASP.NET
Date: Fri, 03 Jan 2014 20:29:28 GMT
Connection: close
Content-Length: 0

    请求2 POST数据和文件

    POST http://www.example.com/test/mycgi.exe/ABC?trid=pxupld HTTP/1.1
X-Requested-With: XMLHttpRequest
Accept: */*
Content-Type: multipart/form-data; boundary=---------------------------7dd3c817903dc
Referer: http://www.example.com/test/mycgi2.exe/ABC
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Host: www.example.com
DNT: 1
Connection: Keep-Alive
Pragma: no-cache
Authorization: Negotiate TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw==
Content-Length: 0

HTTP/1.1 401 Unauthorized
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
WWW-Authenticate: Negotiate TlRMTVNTUAACAAAAEgASADgAAAAVgonioR3IHBVFoYwAAAAAAAAAAJwAnABKAAAABgLwIwAAAA9MAFIAUwBEAE8ATQBBAEkATgACABIATABSAFMARABPAE0AQQBJAE4AAQAUAFcASQBOAC0AUQBBADIAMAAxADIABAAUAGwAcgBzAGkAbgBjAC4AbwByAGcAAwAqAFcASQBOAC0AUQBBADIAMAAxADIALgBsAHIAcwBpAG4AYwAuAG8AcgBnAAUAFABsAHIAcwBpAG4AYwAuAG8AcgBnAAcACABzQ2OAwgjPAQAAAAA=
Date: Fri, 03 Jan 2014 20:29:28 GMT
Content-Length: 341
Proxy-Support: Session-Based-Authentication


Not Authorized


    Not Authorized
    

    HTTP Error 401. The requested resource requires user authentication.
    


    POST http://www.example.com/test/mycgi.exe/ABC?trid=pxupld HTTP/1.1
X-Requested-With: XMLHttpRequest
Accept: */*
Content-Type: multipart/form-data; boundary=---------------------------7dd3c817903dc
Referer: http://www.example.com/test/mycgi2.exe/ABC
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Host: www.example.com
Content-Length: 500
DNT: 1
Proxy-Connection: Keep-Alive
Pragma: no-cache
Authorization: Negotiate TlRMTVNTUAADAAAAGAAYAJgAAABEAUQBsAAAABIAEgBYAAAAEAAQAGoAAAAeAB4AegAAABAAEAD0AQAAFYKI4gYBsR0AAAAPbaRPHPhdB+KO+QMFMSieX2wAcgBzAGQAbwBtAGEAaQBuAGMAcgBhAHcAZgBvAHIAZABXAEkATgAtAEIARAA3ADUANgBJAFAANgA0AE8ARwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUat4cr34A16p/u9YeXYBAAQEAAAAAAABzQ2OAwgjPAVb+mEX8/lPwAAAAAAIAEgBMAFIAUwBEAE8ATQBBAEkATgABABQAVwBJAE4ALQBRAEEAMgAwADEAMgAEABQAbAByAHMAaQBuAGMALgBvAHIAZwADACoAVwBJAE4ALQBRAEEAMgAwADEAMgAuAGwAcgBzAGkAbgBjAC4AbwByAGcABQAUAGwAcgBzAGkAbgBjAC4AbwByAGcABwAIAHNDY4DCCM8BBgAEAAIAAAAIADAAMAAAAAAAAAAAAAAAADAAAEa6q+B5Lu1yFWYA3Wkqf+iAxY/qnzwZi2pgk0t1XqKNCgAQAAAAAAAAAAAAAAAAAAAAAAAJACAASABUAFQAUAAvADEAMAAuADkANgAuADgALgAxADgANgAAAAAAAAAAAAAAAAAQcolcJBPzOWjm8V7iJiki

    挂起等待我假设的数据,有什么想法吗?

    1 个回答

    • 这是怎么回事.

        您从IIS请求页面.

        IIS说"不,你必须验证(401).我采取谈判和/或NTLM." (在启用Windows身份验证的默认配置中)

        IE会随您的请求一起发送身份验证标头,IIS会愉快地将您的页面发回.

        IE将身份验证附加到它使用的TCP连接,因此它不必再次向IIS进行身份验证.

        你等一下,IE对你感到厌倦并关闭它保持打开的TCP连接(参见Keep-Alive标题.并且不要关闭保持活动.).当TCP连接关闭时,所有多汁的Windows身份验证都会消失.

        您最终做了一些触发某些二进制有效负载或多部分/表单数据的XHR POST的操作.

        IE在新的TCP连接上完全通过Windows身份验证交换.

        IE搞砸了并提交你的帖子,但无法发送数据.它只是停止而不是这样做.在multipart/form-data的情况下,客户端和服务器进入一个鸡的游戏,每个人都在等待另一个做某事并且IE挂起.对于其他mime类型,我注意到IIS发回408而不是挂起.

      解决方法:向IIS发送GET或HEAD请求.IE将根据该请求进行身份验证.完成后,发送您的POST.IE将从您的POST的GET或HEAD请求(及其多汁的Windows身份验证数据)中回收TCP连接,并正确发送您的数据.

      2023-02-06 17:29 回答
    撰写答案
    今天,你开发时遇到什么问题呢?
    立即提问
    热门标签
    PHP1.CN | 中国最专业的PHP中文社区 | PNG素材下载 | DevBox开发工具箱 | json解析格式化 |PHP资讯 | PHP教程 | 数据库技术 | 服务器技术 | 前端开发技术 | PHP框架 | 开发工具 | 在线工具
    Copyright © 1998 - 2020 PHP1.CN. All Rights Reserved 京公网安备 11010802041100号 | 京ICP备19059560号-4 | PHP1.CN 第一PHP社区 版权所有