I've run into an odd issue where only a single page on a site I'm scanning is producing a 303 redirect loop and ultimately erroring out with MCS.CRITICAL: cURL Error (47): Maximum (20) redirects followed.
The odd part being I'm unable to reproduce this 303 code response outside of mixed-content-scan. I've tested in multiple browsers, stock CLI cURL, and a few other random online scanner/validator tools but I'm not seeing any issues with the page. While mixed-content-scan produces this error on both my windows box and linux server.
Normally I would consider this purely a site configuration issue and unrelated to mixed-content-scan but since I can't reproduce it anywhere else I'm a bit stumped. From what I know about the server config and software there is no reason a redirect should be happening there and if there was it would be using 301/302 codes. While researching this issue I also found reports that this can happen when trying to access a page with POST when GET is required but I can clearly see in the debug output that cURL is using GET.
Steps to reproduce on my windows box
composer require bramus/mixed-content-scan:~2.8
cd .\vendor\bramus\mixed-content-scan\bin\
php .\mixed-content-scan https://www.458parts.com/index.php/cart --no-check-certificate
Steps to reproduce on my linux server
composer global require bramus/mixed-content-scan:~2.8
mixed-content-scan https://www.458parts.com/index.php/cart
Here is a gist of the cmd output with verbose cURL debugging turned on:
I've run into an odd issue where only a single page on a site I'm scanning is producing a
303
redirect loop and ultimately erroring out withMCS.CRITICAL: cURL Error (47): Maximum (20) redirects followed
.The odd part being I'm unable to reproduce this
303
code response outside ofmixed-content-scan
. I've tested in multiple browsers, stockCLI cURL
, and a few other random online scanner/validator tools but I'm not seeing any issues with the page. Whilemixed-content-scan
produces this error on both my windows box and linux server.Normally I would consider this purely a site configuration issue and unrelated to
mixed-content-scan
but since I can't reproduce it anywhere else I'm a bit stumped. From what I know about the server config and software there is no reason a redirect should be happening there and if there was it would be using301
/302
codes. While researching this issue I also found reports that this can happen when trying to access a page withPOST
whenGET
is required but I can clearly see in the debug output thatcURL
is usingGET
.Here is a gist of the cmd output with verbose
cURL
debugging turned on: