It's an internal Django web app is hosted on a Windows Server 2008 with IIS 7.5, with Active Directory SSO enabled. Some links in the app response with a 302. For example, if the request is to go to myapp.com/change, the server will response with a 302 and redirect to myapp.com/change?user=5. In the browser, the url field shows the myapp.com/change?user=5, but the page looks like the picture above. If I hit enter on the url field, it goes to the correct page.
I have tried to troubleshoot with DevTools. When clicking on /change, server responses with a 302 followed by a 200, nothing else. The 200 is blank, with no header or body, and says "Caution: request is not finished yet". Meanwhile, there's the spinning icon showing on the chrome tab meaning it's still loading. After a few minutes, the 200 times out and the spinning stops.
Nothing in the code was changed in the last couple weeks, and two days ago people started reporting this issue. It didn't happen to me at first. I tried clearing cookie and cache, using different browsers and PCs, couldn't replicate it, then there's a scheduled PC restart yesterday, and I'm getting this now on all my browsers and PCs.
I am suspecting the gibberish is supposed to be the actual page html somehow appended to the Object Moved page. Maybe the 302 is not handled correctly in the client. But that doesn't explain why it worked before.
I've been stuck on this for two days. Please, if anyone has any idea. Let me know if you need more info. Thanks.
Edit to add: in the screenshot, the readable text starting from "HTTP/1.1 200..", it's actually the header of the following 200 response, somehow mixed into the 302's body. And BTW, this 302 Object Moved page never showed up before.
The 2021 post in this link worked for me:
<outboundRules>
<rule name="Remove injected 201 content" preCondition="Status 201">
<match filterByTags="None" pattern="^(?:.*[\r\n]*)*.*</body>" />
<action type="Rewrite" value="" />
</rule>
<preConditions>
<preCondition name="Status 201" patternSyntax="Wildcard">
<add input="{RESPONSE_STATUS}" pattern="201" ignoreCase="false" />
</preCondition>
</preConditions>
</outboundRules>
It'a apparently a bug in IIS 7.5. The above is a workaround by setting up an outboundRule. In my case, it's 302 that's going wrong, so I switched 201 with 302.
I'm still not sure why it suddenly act up like this. Something must have changed, but this change did not happen to everybody at once. I think it's some kind of update on the client side, either browser or Windows, because it started happening to the PCs I tested after the scheduled restart.