来自静态资源的间歇性 401
我在我正在工作的网站之一上看到了一些非常奇怪的东西。许多静态文件(图像、css 或 js)间歇性返回 401(未经授权)。这只发生在 UAT 环境中,但在 dev 或 live 环境中都不会发生。
如果我清除浏览器缓存并加载网站,一切都会正常 - 全面返回 200 秒。如果我在某些文件之后立即按 F5,将返回 401。在 Firebug 控制台和 Fiddler 中都观察到了这一点。
返回 401 的文件集是半一致的。我可以在页面更改之前刷新页面约 5 次。
奇怪的是,Firebug NET 面板显示与返回 304 完全相同的请求(未修改)。站点外观不受这些错误的影响,因此我认为这只是 Firebug 问题,当它可以从缓存中读取 401 时,它无法正确显示 401。
如果我清除浏览器缓存并重试 - 一切都会正常加载(返回 200)。
失败请求的标头
HTTP/1.1 401 Unauthorized
Content-Length: 1656
Content-Type: text/html
Server: Microsoft-IIS/6.0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
WWW-Authenticate: Basic realm="xxxxxx.tld"
X-Powered-By: ASP.NET
Date: Thu, 27 Oct 2011 16:12:45 GMT
Proxy-Support: Session-Based-Authentication
您可能会注意到响应中的身份验证质询标头,这并不奇怪 - 该站点受到保护。令人惊讶的是,它们在用户已经通过身份验证并加载主页之后出现。更重要的是,它们只出现在一秒钟前加载良好的缓存文件上。
I am seeing something really strange here on one of the sites I am working on. A number of static files (images, css or js) intermittently return 401 (unauthorized). This only occurs in UAT environment, but not dev nor live.
If I clear browser cache and load the site, everything works fine - 200s returned across the board. If I hit F5 right after some of the files will return 401. Observed this both in Firebug console and Fiddler.
The set of files that return 401 is semi-consistent. I can refresh page ~5 times before it changes.
Strangely enough Firebug NET panel shows very same requests as returning 304 (not modified). Site appearance is unaffected by these errors, so I assume this is just Firebug issue where it fails to properly show 401s when it can read them from cache.
If I purge browser cache and try again - everything will load fine (200 returned).
Headers from the failed requests
HTTP/1.1 401 Unauthorized
Content-Length: 1656
Content-Type: text/html
Server: Microsoft-IIS/6.0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
WWW-Authenticate: Basic realm="xxxxxx.tld"
X-Powered-By: ASP.NET
Date: Thu, 27 Oct 2011 16:12:45 GMT
Proxy-Support: Session-Based-Authentication
You may notice auth challenge headers in the response, which is not surprising - the site is protected. The surprising part is that they appear after user was already authenticated and loaded main page just fine. More so, they only appear only on cached files that loaded fine a second ago.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论