我通过.NET以编程方式信任我的yammer应用程序。在调试POST请求以信任应用程序时,响应可能会在响应尝试重定向到SharePoint MySite主机时随意呈现302或404.
如果我在同一个调试会话期间循环我的请求,我会得到相同类型的响应。我必须重新启动调试才有机会获得不同的响应。我已经尝试设置分钟长时间睡眠,以确保时间与我得到的响应类型无关。同样的规则似乎适用:一个调试会话,一个响应类型。
我现在的问题是:我需要做些什么来避免这些404?
这是小提琴手的回应:
302回应:
POST https://www.yammer.com/MYNETWORK/oauth2/decision?client_id=MYAPPCODE&redirect_uri=http%3a%2f%2fmy.devmachine.contoso.com&response_type=code HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: www.yammer.com
Cookie: yamtrak_id=[GUID]; _workfeed_session_id=[ID] Content-Length: 90
Expect: 100-continue
utf8=%E2%9C%93&authenticity_token=[TOKEN]=&allow=Allow
HTTP/1.1 302 Found
Server: nginx
Date: Mon, 29 Sep 2014 13:21:51 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
Status: 302 Found
Location: http://my.devmachine.contoso.com?code=[CODE] X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: SAMEORIGIN
Cache-Control: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
X-UA-Compatible: IE=Edge,chrome=1
Set-Cookie: yamtrak_id=[ID]; path=/; expires=Tue, 29-Sep-2015 13:21:51 GMT; secure; HttpOnly
Set-Cookie: auth_token=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
Set-Cookie: auth_token_sso=; domain=yammer.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
X-Date: 1411996911966
X-Runtime: 0.073263
7e
<html><body>You are being <a href="http://my.devmachine.contoso.com?code=[CODE]">redirected</a>.</body></html>
0
404回应:
POST https://www.yammer.com/MYNETWORK/oauth2/decision?client_id=MYAPPCODE&redirect_uri=http%3a%2f%2fmy.devmachine.contoso.com&response_type=code HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: www.yammer.com
Cookie: yamtrak_id=[GUID]; _workfeed_session_id=[ID]
Content-Length: 90
Expect: 100-continue
utf8=%E2%9C%93&authenticity_token=[TOKEN]=&allow=Allow
HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 29 Sep 2014 13:26:03 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Status: 404 Not Found
Cache-Control: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
X-UA-Compatible: IE=Edge,chrome=1
X-Date: 1411997163223
X-Runtime: 0.068703
a45
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="X-UA-Compatible" content="IE=8,chrome=1" />
<meta http-equiv="content-type" content="text/html;charset=UTF-8" />
<title>The page you were looking for doesn't exist (404)</title>
<link href="/stylesheets/yamkit/yam.css" media="screen, projection" rel="stylesheet" type="text/css" />
<style type="text/css">
body {
...
<div id="parallax-static">
<div id="parallax-static-text">
<h1>Oops!</h2>
<h2>The page you were looking for could not be found.</h2>
<a href="/" title="">Let's go back to your happy place.</a>
</div>
</div>
...
</body>
</html>
0
我知道这个论坛中的其他yammer线程,我正在使用新的login_csrf_token cookie进行身份验证,所以这不应该是问题。
感谢阅读!我很感激有关如何解决这个问题的任何建议。
编辑:我已尝试将其他网站(谷歌)设为我的重定向网址,但交替行为仍然存在。
答案 0 :(得分:0)
找到它:原来有时真实性令牌包含需要进行URL编码的加号字符(+)。令牌也可以包含正斜杠(/),但是他们不会将后续调用带到/ session或/ oauth2 / decision,只会加上。