bramus / mixed-content-scan

Scan your HTTPS-enabled website for Mixed Content
MIT License

Odd 303 redirect loop #65

Open Spunkie opened 7 years ago

Spunkie commented 7 years ago

I've run into an odd issue where only a single page on a site I'm scanning is producing a 303 redirect loop and ultimately erroring out with MCS.CRITICAL: cURL Error (47): Maximum (20) redirects followed.

The odd part is that I'm unable to reproduce this 303 response outside of mixed-content-scan. I've tested in multiple browsers, stock CLI cURL, and a few other random online scanner/validator tools, but I'm not seeing any issues with the page. Meanwhile, mixed-content-scan produces this error on both my Windows box and Linux server.

Normally I would consider this purely a site configuration issue and unrelated to mixed-content-scan, but since I can't reproduce it anywhere else I'm a bit stumped. From what I know about the server config and software, there is no reason a redirect should be happening there, and if there was, it would be using 301/302 codes. While researching this issue I also found reports that this can happen when trying to access a page with POST when GET is required, but I can clearly see in the debug output that cURL is using GET.


Steps to reproduce on my Windows box

composer require bramus/mixed-content-scan:~2.8
cd .\vendor\bramus\mixed-content-scan\bin\
php .\mixed-content-scan https://www.458parts.com/index.php/cart --no-check-certificate

Steps to reproduce on my Linux server

composer global require bramus/mixed-content-scan:~2.8
mixed-content-scan https://www.458parts.com/index.php/cart

Here is a gist of the cmd output with verbose cURL debugging turned on:

https://gist.github.com/Spunkie/0a1756729446b316a602823cd8589338
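
One way to narrow down a redirect loop that only one client sees is to follow the chain hop by hop and compare two runs that differ in a single client setting. The Python code below is an added example, not part of the original issue or of mixed-content-scan; `CartHandler`, `start_demo_server` and `trace` are hypothetical names, and the cookie-dependent 303 served by the local stand-in server is a constructed assumption, not a diagnosis of the reported site.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urljoin, urlsplit

class CartHandler(BaseHTTPRequestHandler):
    """Constructed stand-in: 303s to itself until the client returns a cookie."""
    def do_GET(self):
        has_cookie = "sid=" in self.headers.get("Cookie", "")
        self.send_response(200 if has_cookie else 303)
        if not has_cookie:
            self.send_header("Location", self.path)
            self.send_header("Set-Cookie", "sid=constructed; Path=/")
        self.send_header("Content-Length", "0")
        self.end_headers()
    def log_message(self, *args):  # keep the demo quiet
        pass

def start_demo_server():
    server = HTTPServer(("127.0.0.1", 0), CartHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_port}/index.php/cart"

def trace(url, keep_cookies, max_hops=20):
    """Follow redirects one hop at a time; return (hops, verdict)."""
    hops, seen, cookies = [], set(), {}
    for _ in range(max_hops):
        parts = urlsplit(url)
        https = parts.scheme == "https"
        conn = (http.client.HTTPSConnection if https else http.client.HTTPConnection)(parts.netloc, timeout=5)
        headers = {"Cookie": "; ".join(f"{k}={v}" for k, v in cookies.items())} if cookies else {}
        conn.request("GET", (parts.path or "/") + ("?" + parts.query if parts.query else ""), headers=headers)
        resp = conn.getresponse()
        resp.read()
        location = resp.getheader("Location")
        hops.append((resp.status, url, location))
        if keep_cookies:  # naive jar: name=value only, ignores Domain/Path/Expires
            for raw in resp.msg.get_all("Set-Cookie") or []:
                name, _, value = raw.split(";")[0].partition("=")
                cookies[name.strip()] = value.strip()
        conn.close()
        if resp.status not in (301, 302, 303, 307, 308) or not location:
            return hops, "final"
        state = (urljoin(url, location), tuple(sorted(cookies.items())))
        if state in seen:  # same target with same client state: it will never end
            return hops, "loop"
        seen.add(state)
        url = state[0]
    return hops, "max_hops"
```

Calling `trace(url, keep_cookies=False)` and `trace(url, keep_cookies=True)` against the same URL and comparing the returned hop lists shows whether that one setting decides between a loop and a final response.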