Seeking some help on this. I am somewhat limited in what I can use, as the application is internal ...
Scenario: A web application sends a POST request to the /api/shortLink endpoint to return a short link (think of a URL shortening service) to a dashboard in our BI application. A short link stores the parameter/filter values so that the user can return to the same view using the short link.
The shortLink service returns a normal 200 status and the shortLink code. All OK, right? Not quite. The very next HTTP request (GET, POST, it does not matter) from the page results in an HTTP 400 error (Invalid Verb).
The problem only occurs in Chrome (latest build). Firefox, IE11, Vivaldi and Safari work fine.
The initial POST request to get the shortLink value (works fine; the shortLink is generated and returned):
Request:
POST http://jaxbamaptst1:8000/api/shortlink/?sessionId=4ea65890-dbb2-4757-8f03-c0e3bf306cdf HTTP/1.1
Host: jaxbamaptst1:8000
Connection: keep-alive
Content-Length: 18192
Pragma: no-cache
Cache-Control: no-cache
Accept: */*
Origin: http://jaxbamaptst1:8000
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36
Content-Type: application/json; charset=UTF-8
Referer: http://jaxbamaptst1:8000/Dashboard/1e4ce64e-31e7-4f9e-96aa-8b9e546ba5c8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.8
Cookie: webapp_sessionid=4ea65890-dbb2-4757-8f03-c0e3bf306cdf; webapp_clientid=27271080-59a9-4c3c-aaef-d8c489414165
"/Dashboard/41c892a0-d83c-4d98-beaa-cee8c656c727?e=false&vo=viewonly&overrides=<<snip rest of overrides. Very lengthy>>
The response is also normal and returns the desired shortLink:
HTTP/1.1 200 OK
Cache-Control: no-store, must-revalidate, no-cache, max-age=0
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
Date: Fri, 30 Sep 2016 02:44:21 GMT
Content-Length: 28
"saqecfh3x14wmygknpqnzxwt3w"
Now, no matter what the next call from the page is, the result is HTTP 400 - Invalid Verb.
The request looks completely normal in Chrome. However, when you look at it in Fiddler, things get a little weird.
Here's the failed request:
JSZVVUAXF1ZU5HBWUIOIJBRGLTIEVTCGXVEWVLXS5BQ3VYCMVUDCBPCMCTQ2VUDGVYLVVNLVRNLUFNZW50XS5BT3JNYW5PEMF0AW9UXS4MW1JDJLTDTUNDIIWIAGLLCMFYY2H5VW5PCXVLTMFTZSI6ILTEAW0GRW1WBG95ZWVDLLTDDXJYZW50IE9YZY1DZW50ZXITVU0TVE0TQWDLBNRDIIWIY2FWDGLVBII6IKNNQYISIMXLDMVSV<<snipped for brevity>>SBGFWC2VKIJPMYWXZZSWIY2HPBGRJDGVTQ291BNQIOJASINVUAXF1ZU5HBWUIOIJBRGLTIGET http://jaxbamaptst1:8000/Link/?shortLink=saqecfh3x14wmygknpqnzxwt3w HTTP/1.1
Host: jaxbamaptst1:8000
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Referer: http://jaxbamaptst1:8000/Dashboard/1e4ce64e-31e7-4f9e-96aa-8b9e546ba5c8
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8
Cookie: webapp_sessionid=4ea65890-dbb2-4757-8f03-c0e3bf306cdf; webapp_clientid=27271080-59a9-4c3c-aaef-d8c489414165
Note the encoded data (or garbled junk?) preceding the verb "GET". Not surprisingly, IIS returns a 400 error.
Chrome looks as if everything was fine (except for the 400 response):
Request URL:http://jaxbamaptst1:8000/Link/?shortLink=saqecfh3x14wmygknpqnzxwt3w
Request Method:GET
Status Code:400 Bad Request
Remote Address:127.0.0.1:8888 <<due to Fiddler proxy>>
Ever seen anything like this?
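
A diagnostic sketch for the symptom described above, added here as an example and not part of the original post: it frames a captured keep-alive byte stream the way a server does and reports bytes that land in front of the next request's verb. It assumes one way such a prefix can arise (a Content-Length that counts characters rather than UTF-8 bytes), which the post does not confirm as the cause; the host name, paths and body are constructed sample data.

```python
KNOWN_VERBS = (b"GET ", b"POST ", b"PUT ", b"DELETE ", b"HEAD ", b"OPTIONS ", b"PATCH ")

def frame_requests(stream: bytes):
    """Split a keep-alive byte stream as a server does: read the header block,
    then consume exactly Content-Length body bytes before the next request."""
    findings, pos = [], 0
    while pos < len(stream):
        head_end = stream.find(b"\r\n\r\n", pos)
        if head_end == -1:
            break  # incomplete header block; nothing more to frame
        request_line, _, headers = stream[pos:head_end].partition(b"\r\n")
        stray = 0
        if not request_line.startswith(KNOWN_VERBS):
            # Locate the first real verb inside the line; bytes before it are stray.
            hits = [i for i in (request_line.find(v) for v in KNOWN_VERBS) if i > 0]
            stray = min(hits) if hits else len(request_line)
        length = 0
        for line in headers.split(b"\r\n"):
            name, _, value = line.partition(b":")
            if name.strip().lower() == b"content-length":
                length = int(value.strip())
        findings.append({"line": request_line[:60], "stray_prefix_bytes": stray,
                         "content_length": length})
        pos = head_end + 4 + length  # skip CRLFCRLF plus the declared body
    return findings

def build_stream(count_bytes: bool) -> bytes:
    """Constructed sample: a JSON POST with non-ASCII text, then a GET on the same connection."""
    body_text = '{"overrides":"caf\u00e9 \u2013 na\u00efve"}'
    body = body_text.encode("utf-8")
    declared = len(body) if count_bytes else len(body_text)  # characters != bytes
    post = (b"POST /api/shortlink/ HTTP/1.1\r\nHost: example.internal\r\n"
            b"Content-Length: " + str(declared).encode() + b"\r\n\r\n" + body)
    get = b"GET /Link/?shortLink=constructed HTTP/1.1\r\nHost: example.internal\r\n\r\n"
    return post + get

if __name__ == "__main__":
    for label, flag in (("byte count", True), ("character count", False)):
        for finding in frame_requests(build_stream(flag)):
            print(label, finding)
```

Comparing the declared Content-Length of the POST against the number of body bytes actually seen in the Fiddler raw view is the equivalent manual check.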