When I open some web pages, they may jump to another web page automatically after a while. For example, if you open https://list.jd.com/list.html?cat=670,677,688 it will jump to cfe.m.jd.com/..., then further jump to passport.jd.com that asks you to login. I think on the page list.jd.com/..., there must be a statement like window.location.href=...that causes the jump. But where is the statement? How can I find the statement in a systematic way? I mean I can press F12 and set a breakpoint on that statement then refresh the page to stop at that statement.
Not all redirects are done using JavaScript so that means there won't always be a location.href to look for in a script. In fact it's quite the opposite. Most redirects like the one you gave in your example are done on the server, load balancer or most likely by the DNS provider, more explanation here.
If you curl the url in your example you will see there is a 302:
curl -s https://list.jd.com/list.html?cat=670,677,688
<html>
<head><title>302 Found</title></head>
<body bgcolor="white">
<center><h1>302 Found</h1></center>
<hr><center>nginx/1.10.3</center>
</body>
</html>
You can tell curl to follow this redirect with the -L option:
curl -sL https://list.jd.com/list.html?cat=670,677,688
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<meta name="viewport"
content="width=device-width,initial-scale=1.0,user-scalable=no,maximum-scale=1.0,viewport-fit=cover" />
<title>京东安全</title>
<link href="https://cfe.m.jd.com/privatedomain/risk_handler/03101900/css/app.34c74a0c.css" rel="preload" as="style"><link href="https://cfe.m.jd.com/privatedomain/risk_handler/03101900/js/app.js" rel="preload" as="script"><link href="https://cfe.m.jd.com/privatedomain/risk_handler/03101900/js/chunk-vendors.js" rel="preload" as="script"><link href="https://cfe.m.jd.com/privatedomain/risk_handler/03101900/css/app.34c74a0c.css" rel="stylesheet"></head>
<body>
<div class="ipaas-floor-app"></div>
<script type="text/javascript" src="https://cfe.m.jd.com/privatedomain/risk_handler/03101900/js/chunk-vendors.js"></script><script type="text/javascript" src="https://cfe.m.jd.com/privatedomain/risk_handler/03101900/js/app.js"></script></body>
There a couple of scipts listed in that response so you could see what is happening in those scripts.
The best way would be to go into your dev tools (for illustration I'll use Chrome) and select:
Sources tab.Event Listener BreakpointsLoadLoad and Unload.Paste https://list.jd.com/list.html?cat=670,677,688 and see the various stages of the Load and Unload. The browser will pause at these breakpoints. Good luck with your exploration.