Would a browser ever ignore case sensitivity of the location header when responding to a redirect?_问答_开发者

Would a browser ever ignore case sensitivity of the location header when responding to a redirect?

开发者 https://www.devze.com 2023-01-15 06:23 出处：网络

If a browser requests http://site.com/?q=abc and gets a 301 redirect response to location http://site.com/?q=ABC (note case of querystring)

If a browser requests http://site.com/?q=abc

and gets a 301 redirect response to location http://site.com/?q=ABC (note case of querystring)

Is it possible for the browser to ignore the difference in case and re-request http://site.com/?q=abc, thus causing an infinite redirect loop?

That's the scenario that appears to be happening according to the IIS logs. It seems to be isolated to Internet Explorer with some variation of the Ask toolbar installed (based on user-agent values). I even installed the Ask toolbar, but have not been able to recreate this scenario in any way.

I can't post the source code, but for those that want something, here's the general logic:

Page_Load(object sender, EventArgs e) 
{
    var q = Request.QueryString["q"];

    if (q == "ABC")
    {
        //render page as usual
    }
    else
    {
        Response.RedirectPermanent("[thispage]?q=ABC");
    }
}

As you can see, if this page is requested with ?q=abc it will be redirected once, but then it'll render as usual because the redirect goes to ?q=ABC.

Is there a开发者_运维百科ny scenario where the browser (specifically IE with the Ask toolbar) could ignore the case of the redirect location, causing an endless loop?

I hate to answer my own question, but this is probably the best way to close the loop. The excessive redirects was actually not caused by the code I posted. I was fooled.

We had an HttpModule that, ironically, used code mentioned in this answer. It turns out that installing certain versions of the Ask.com toolbar on IE will modify the user-agent string to include 'Ask', causing false-positives on this 'IsCrawler' checker.

Because 'IsCrawler' evaluated to true in these cases, a different code path was executed that caused the infinite redirect loop. The querystring case changing was a result of this, not the web browser ignoring the location header as I was asking about.

Since I didn't even really answer my question, if anyone can post a somewhat authoritative answer on whether there are any known browsers or scenarios behaving as I asked about, I will mark that as the accepted answer.

It sounds like the Ask toolbar is injecting itself into the request/response cycle that IE is using. I've never developed a toolbar, but I'm betting it's pretty standard, as toolbars used to hijack URL input all the time. If it then does some internal analysis before actually redirecting, I could see some sloppily written code doing case-insensitive comparison.

I'm hoping you've identified the obvious workarounds, such as forwarding to ?qq=ABC and having your destination page use either q or qq.