"http://localhost/" is being automatically added to https urls - http

As the title suggests, http://localhost/mywebapp is being automatically added to urls within my application.
User clicks an https hyperlink, but instead of browsing to
https://correcturl.something.com
it goes to http://localhost/mywebapp/https://correcturl.something.com
ie the localhost part is being automatically added. I'm sure there is an IIS setting that we are missing here.

It might not be IIS. If you're forming your URLs improperly, I'm pretty sure the browser will handle redirect to "current url" + "redirecting url".
example:
if you execute the following in a javascript console, you will not get redirected.
window.location.href = "/http://google.com";
Running that off stackoverflow page sends me to https://stackoverflow.com/http://google.com
which is incorrect.
I'm assuming that if you're testing urls in some dev environment locally, you'll produce a similar result against localhost. I can't give you a better answer without more information, however I would begin by looking for something in your app similar to what I described.

Related

windows web server 2008 IIS7 keeps rediricting

In IIS7 I right click on the site and choose "Switch to content view" then add a text file called test.txt right click again and switch to features view. Double click the http redirect icon and see it's not forwarding.
Right click the site and switch to content view again now right click on test.txt and choose browse only to be forwarded to some other site that gives me 404 for not having /test.txt.
I don't know where to look anymore as the settings mentioned above would indicate there would be no forwarding but opening the file proves that it does.
When using forcecors plugin for firefox and making a ajax request to the text file I can see the response header: Location http://some_other_site/test.txt.
Hope it's something simple.
[update]
In the application I checked out the settings under "Url rewrite" and found a rule that redirects. Removed this rule and stopped started IIS but it's still forwarding. Could not find anything under System32\inetsvr\config that would indicate redirecting.
After removing the url rewrite rule and testing in the browser it kept on forwarding because I think my browser remembered it was moved. Cache settings on IIS should check if file has changed after it was last cached (I think last modified headers) but somehow a redirect works differently. Did not clear my browser cache and even doing that could still cause a problem with proxies caching it.
What I did was opening it this way:
http://develop.mysite.com/test.txt?refresh=newValue
Like magic I wasn't redirected and it works now. Start FF with another profile and see if that solves the problem as the new profile should not be aware of the sites response being "permanently moved" by a previous request.

Page Returns 403 Forbidden but Only From Google Search Link

I run a website http://sciantechnologies.com/.
Now, if you go to that URL, it loads fine, however if you google search "Scian Technologies", it will return a link that looks like this:
http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&ved=0CDgQFjAA&url=http%3A%2F%2Fsciantechnologies.com%2F&ei=3AY8UdLvF8Gi2gXxXg&usg=AFQjCNGT916DDNRiBhq31Qu6fz0-_GDOFg&sig2=iHtZm7pPyQGdcyZczOUMRg&bvm=bv.43287494,d.b2I
Which if you click on it, will redirect you to the correct URL, but for some reason it seems to pick up a 403 along the way. Funny thing is it leaves the correct URL in the address bar, and if you click on that and press enter, it works fine.
I didn't set up anything special here - it's just a wordpress site... anyone else had this behavior or have any ideas? I'm really scratching my head over it - it doesn't seem to make any sense!
Google has indexed your base domain (not including www).
You'll want to put a 301 redirect to your www subdomain.
Then wait for Google to reindex your site.
For those of you who use a web provider for hosting and hit this issue, I have managed to fix this. The support team were completely useless. Anyway, I fixed this by deleting my virtual host in the gui panel (which the support team actually advised me against) and recreated it. I never saw their virtual hosts config (they refused to show it to me) but I'm guessing when I installed wp using their magical installer script, it made changes to the virtual host configuration (most likely mod rewrite related) which I had no visibility of. Deleting the virtual domain then wiped this and started cleanly again. Note if you're doing this:
Delete the virtual domain and let it kick in (I.e. take your website down) before recreating it
There is no guarantee that deleting the virtual domain will actually wipe this configuration. It may just unlink it server side.
Hope this helps someone!

Running Canvas app in a Tab

This is my first Facebook app and I'm on quite a tight deadline so forgive me if any of this is a dumb question.
I've set up a Canvas app, I've got it to authenticate by passing the parameters to the facebook URL:
https://www.facebook.com/dialog/oauth?client_id=1234&redirect_uri=MY_APP_URI
I can then get the user_id and name of the user, which for this particular app is all I need. It runs fine in the Canvas page.
Problem is I can't get it to run in a tab, it always redirects to the Canvas, which is not what I want - I need it to run within the context of my client's Facebook page. I've been trying to find examples of setting it up but everything seems to be out of date compared to what I'm seeing in the App settings.
My settings at the moment are:
App on Facebook
Canvas URL: http://localhost/facebook/
Canvas Page: http://apps.facebook.com/MYAPP
Page Tab
Page Tab Name: My test app
Page Tab URL: http://localhost/facebook/
I presume I'm missing something obvious, so if someone can advise I'd be grateful. For what it's worth I'm using .Net webforms and have the C# SDK installed, but don't think I'll need to really use it for this example.
EDITED TO ADD
I'm sure its to do with the authorization - I've followed the guide here developers.facebook.com/docs/appsonfacebook/tutorial on how to redirect the page back with the authorization payload, but obviously doing that has kicked it out of the tab and into the main Canvas again. I need to to stay where it is, if such a thing is possible.
localhost points from your local machine to itself. Facebook does not know what localhost relates to and cannot load the app. You need to make your app accessible from outside of your machine.
It was the fact that I was still redirecting the url, when you run in a tab you don't need to redirect to another url to get the user data, it's just there waiting.

Chrome returns "Bad Request - Request Too Long" when navigating to local IIS Express

I have a web application that runs perfectly fine when I use the Visual Studio 2010 development server (Cassini). However when I try to use IIS Express to host the site Chrome just displays a "Bad Request - Request Too Long" error. The IIS Express site does display in other browsers (FireFox and IE9) so I'm kind of confused. The error occurs in Chrome when I try request pages in my application or even basic resources like an image, so I don't think it is an issue with URL rewriting or routing.
Just to see if the problem was somehow a result of my site's code, I created a new MVC3 website and tried running that. This worked in the VS development server, but once again produced the "Bad Request" error when running under IIS Express.
I am about to start testing the site using some mobile devices so I need to get this running under IIS. Any suggestions would be greatly appreciated.
EDIT:
The root url of the site (http://localhost:50650/) is being requested using GET. I am currently using Chrome v12.0.742.112.
I get this all the time ONLY in Chrome and I have to clear browsing data to fix it.
Wrench > Tools > Clear Browsing Data
Check the following:
Clear browsing history
Clear download history
Empty the cache
Delete cookies and other site data
Then click "Clear Browsing Data" button and refresh your page.
UPDATE:
I figured out that it has to do with writing too many cookies to the browser and that if you just close all instances of Chrome, the error goes away for a while. To prevent it, you'll need to clear out your cookies programmatically.
Instead of clearing all the cookies, just do the following:
Right click the lock in the address bar area (see picture below)
Under cookies there is a link saying how many cookies are used
Click that link
Remove all cookies in there (or just the troublesome if you can identify them)
Problem gone
This error is caused by a corrupt cookie for the website you are trying to view, so to clear it all you need to do is clear the bad cookie(s) for that website.
In Chrome, go to...
chrome://settings/cookies
(Or manually go to Settings->Advanced Settings->Privacy->Content->All Cookies and Site data)
From there, you can search for cookies that match the site you are having problems on. Finally, click "remove all" for the matching cookies.
The problem is usually that the site in question has accumulated too many cookies or created cookies which are too large, making the HTTP headers swell beyond the allowed maximum.
One-time work-around
As has been mentioned, you can go to Settings|Advanced|Content Settings|All Cookies and Site Data, search for the site in question, and delete the cookies using the X button on the right. This reduces the header size of the HTTP request when contacting the site.
Long-term work-around
In addition to removing them one-time, however, you can prevent further problems with heavy cookie sites by going to Settings|Advanced|Content Settings|Manage Exceptions, and add the base site url (e.g. "msdn.microsoft.*" without the quotes) and select Behavior as "Clear on Exit". You might have to login more often to these sites, but this should prevent the problem.
I encountered this problem when using ADB2C login from ASP.NET WebApp. In Firefox you can do similar use case to delete related coockies and problem is gone for a while. Click on HTTPS (i) lock icon with, select ">" button on the right, select More information, select Security tab, click on View Cookies and click on Remove All. Done 4 a while.
If Above methods didn't work then enter
chrome://settings/resetProfileSettings
and Click on Reset Settings
This will reset your startup page, new tab page, search engine, and pinned tabs. It will also disable all extensions and clear temporary data like cookies. Your bookmarks, history and saved passwords will not be cleared.

Redirect issues

Whoever wrote the navigation for the site I’m currently working on (classic asp) points the navigation links to a folder, then inside to folder has an index.asp file, so the urls will look something like this www.mysite.com/myfolder/mysubfolder
Now, when watch the page load using httpfox, I notice that the first entry is a 302 redirect to the same address with a “/” on the end, so www.mysite.com/myfolder gets redirected to www.mysite.com/myfolder/ (note the / on the end).
I’m not to worried that it’s a 302 since its in the admin section of the site, but when I forward the host headers from ISA server, for an https request, its being redirected from https://www.mysite.com/myfolder to http://www.mysite.com:443/myfolder/ and causing all kinds of problems.
Anyway, I can’t seem to find any code making this redirect happen, so does IIS 6 do this because the url points to a folder? Or do I need to comb through the code more closely?
the problem is not in the code.
the redirect happens because there is no url "https://www.mysize.com/myfolder".
correct urls look like this: "https://www.mysize.com/myfolder/"
so the last / is important and only with this you have a valid url!
the webserver now is cute enough to automatically send a "302 found (originally temporary redirect, but now commonly used to specify redirection for unspecified reason)" status code.
just add the / to the links and you're fine

Resources