Search code examples
asp.netoauth-2.0openid-connectauth0

How does browser is directed to new URL when last respone's code is 200 instead of 301

We are using Auth0's OpenID connect by ASP.NET OWIN component. In Chrome Devtool, there is one request I don't understand how it happens.

The first request is to https://iguide-login.us.auth0.com/authorize/resume. Its response is 200 and there is no content in response. Besides,this request type is document, not ajax.

Who initialize the next request to /callback/? If the first response code is 301, then I can understand. But why 200 can also lead to redirect?

Here is the details.

First request detail.

enter image description here

First request's response content is empty.

enter image description here

First request type is document.

enter image description here

Solution

  • I finally found the root cause. Just to share with who may also have same doubt. Previously, I thought /resume... does not return any html content becasue Chrome devtool is saying

    Failed to load response:No resource with given identifier found.

    It is wrong. I finally found that /resume... did return html content. I got it using Fiddler. Chrome devtool has its own bug or debat for this Failed to load response for years.

    When we are seeing this error, we should not think the server does not return any response content. We should think Chrome failed to load the content due to some reason. We can use Fiddler to get the actual response content if wanted.

    Here is the full response content of /resume, it clearly shows why browser does the redirect.

    <html>

  <head>
    <title>Submit This Form</title>
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
  </head>

  <body onload="javascript:document.forms[0].submit()">
    <form method="post" action="https://xxx/callback/">xxx</form>
  </body>

</html>