Geek Answers Handbook

Downloading IE10 and IE11 does not send POST data

I am trying to do a POST multipart / form-data with hidden fields and a file, and the transmission freezes.

Web Server: A Windows 2012 server running on IIS 8.0.

Authentication: Windows enabled (negotiation and NTLM)

Client: Windows Server 2008 Server / Windows 2012 Server (localhost) Internet Explorer 10.0.12 both have the same problem

I have CGI running on a web server and I verify that it is available and responding, then I make a jQuery Ajax request to send the POST data. Using Fiddler, I watched how the web server and browser interact (see below). It freezes at the last request, it shows Content-Length 500, but there is no data. IE seems to be waiting for it to be sent (?).

In Fiddler, you can change the data before sending a response. I tried this and it will not allow editing. It looks like it is still waiting for IE to keep sending. I tried disabling Windows Authentication and enabled Anonymous, and I have no problem. Also, on the first request, I cannot reproduce the problem (it works as expected), but on the next request it is consistent. No problem with Chrome, Firefox or IE9 and earlier. I cannot determine if this is a browser or a web server.

Request 1 CGI Verification

POST http://www.example.com/test/mycgi.exe/ABC HTTP/1.1 X-Requested-With: XMLHttpRequest Accept: */* Referer: http://www.example.com/test/mycgi2.exe/ABC Accept-Language: en-US Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0) Connection: Keep-Alive Content-Length: 0 DNT: 1 Host: www.example.com Pragma: no-cache HTTP/1.1 401 Unauthorized Content-Type: text/html Server: Microsoft-IIS/8.0 WWW-Authenticate: Negotiate WWW-Authenticate: NTLM X-Powered-By: ASP.NET Date: Fri, 03 Jan 2014 20:29:28 GMT Content-Length: 1293 Proxy-Support: Session-Based-Authentication <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>401 - Unauthorized: Access is denied due to invalid credentials.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;position:relative;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset> <h2>401 - Unauthorized: Access is denied due to invalid credentials.</h2> <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3> </fieldset></div> </div> </body> </html> 
 POST http://www.example.com/test/mycgi.exe/ABC HTTP/1.1 X-Requested-With: XMLHttpRequest Accept: */* Referer: http://www.example.com/test/mycgi2.exe/ABC Accept-Language: en-US Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0) Connection: Keep-Alive Content-Length: 0 DNT: 1 Authorization: Negotiate TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw== Pragma: no-cache Host: www.example.com HTTP/1.1 401 Unauthorized Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 WWW-Authenticate: Negotiate TlRMTVNTUAACAAAAEgASADgAAAAVgoniOb3rEHzeNj0AAAAAAAAAAJwAnABKAAAABgLwIwAAAA9MAFIAUwBEAE8ATQBBAEkATgACABIATABSAFMARABPAE0AQQBJAE4AAQAUAFcASQBOAC0AUQBBADIAMAAxADIABAAUAGwAcgBzAGkAbgBjAC4AbwByAGcAAwAqAFcASQBOAC0AUQBBADIAMAAxADIALgBsAHIAcwBpAG4AYwAuAG8AcgBnAAUAFABsAHIAcwBpAG4AYwAuAG8AcgBnAAcACABOH1yAwgjPAQAAAAA= Date: Fri, 03 Jan 2014 20:29:28 GMT Content-Length: 341 Proxy-Support: Session-Based-Authentication <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"> <HTML><HEAD><TITLE>Not Authorized</TITLE> <META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD> <BODY><h2>Not Authorized</h2> <hr><p>HTTP Error 401. The requested resource requires user authentication.</p> </BODY></HTML> 
 POST http://www.example.com/test/mycgi.exe/ABC HTTP/1.1 X-Requested-With: XMLHttpRequest Accept: */* Referer: http://www.example.com/test/mycgi2.exe/ABC Accept-Language: en-US Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0) Connection: Keep-Alive Content-Length: 0 DNT: 1 Host: www.example.com Pragma: no-cache Authorization: Negotiate TlRMTVNTUAADAAAAGAAYAJgAAABEAUQBsAAAABIAEgBYAAAAEAAQAGoAAAAeAB4AegAAABAAEAD0AQAAFYKI4gYBsR0AAAAPuaPj4eFf7hfIoOiAvf0/xWwAcgBzAGQAbwBtAGEAaQBuAGMAcgBhAHcAZgBvAHIAZABXAEkATgAtAEIARAA3ADUANgBJAFAANgA0AE8ARwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdKgld6FBtRxfUcAQJS6yPAQEAAAAAAABOH1yAwgjPAQcXz+RFuDKzAAAAAAIAEgBMAFIAUwBEAE8ATQBBAEkATgABABQAVwBJAE4ALQBRAEEAMgAwADEAMgAEABQAbAByAHMAaQBuAGMALgBvAHIAZwADACoAVwBJAE4ALQBRAEEAMgAwADEAMgAuAGwAcgBzAGkAbgBjAC4AbwByAGcABQAUAGwAcgBzAGkAbgBjAC4AbwByAGcABwAIAE4fXIDCCM8BBgAEAAIAAAAIADAAMAAAAAAAAAAAAAAAADAAAEa6q+B5Lu1yFWYA3Wkqf+iAxY/qnzwZi2pgk0t1XqKNCgAQAAAAAAAAAAAAAAAAAAAAAAAJACAASABUAFQAUAAvADEAMAAuADkANgAuADgALgAxADgANgAAAAAAAAAAAAAAAADYL8orn+roxnPVhMNa1G0w HTTP/1.1 200 OK Content-Type: text/html Server: Microsoft-IIS/8.0 Persistent-Auth: true X-Powered-By: ASP.NET Date: Fri, 03 Jan 2014 20:29:28 GMT Connection: close Content-Length: 0 + B5Lu1yFWYA3Wkqf + iAxY / qnzwZi2pgk0t1XqKNCgAQAAAAAAAAAAAAAAAAAAAAAAAJACAASABUAFQAUAAvADEAMAAuADkANgAuADgALgAxADgANgAAAAAAAAAAAAAAAADYL8orn + roxnPVhMNa1G0w POST http://www.example.com/test/mycgi.exe/ABC HTTP/1.1 X-Requested-With: XMLHttpRequest Accept: */* Referer: http://www.example.com/test/mycgi2.exe/ABC Accept-Language: en-US Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0) Connection: Keep-Alive Content-Length: 0 DNT: 1 Host: www.example.com Pragma: no-cache Authorization: Negotiate TlRMTVNTUAADAAAAGAAYAJgAAABEAUQBsAAAABIAEgBYAAAAEAAQAGoAAAAeAB4AegAAABAAEAD0AQAAFYKI4gYBsR0AAAAPuaPj4eFf7hfIoOiAvf0/xWwAcgBzAGQAbwBtAGEAaQBuAGMAcgBhAHcAZgBvAHIAZABXAEkATgAtAEIARAA3ADUANgBJAFAANgA0AE8ARwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdKgld6FBtRxfUcAQJS6yPAQEAAAAAAABOH1yAwgjPAQcXz+RFuDKzAAAAAAIAEgBMAFIAUwBEAE8ATQBBAEkATgABABQAVwBJAE4ALQBRAEEAMgAwADEAMgAEABQAbAByAHMAaQBuAGMALgBvAHIAZwADACoAVwBJAE4ALQBRAEEAMgAwADEAMgAuAGwAcgBzAGkAbgBjAC4AbwByAGcABQAUAGwAcgBzAGkAbgBjAC4AbwByAGcABwAIAE4fXIDCCM8BBgAEAAIAAAAIADAAMAAAAAAAAAAAAAAAADAAAEa6q+B5Lu1yFWYA3Wkqf+iAxY/qnzwZi2pgk0t1XqKNCgAQAAAAAAAAAAAAAAAAAAAAAAAJACAASABUAFQAUAAvADEAMAAuADkANgAuADgALgAxADgANgAAAAAAAAAAAAAAAADYL8orn+roxnPVhMNa1G0w HTTP/1.1 200 OK Content-Type: text/html Server: Microsoft-IIS/8.0 Persistent-Auth: true X-Powered-By: ASP.NET Date: Fri, 03 Jan 2014 20:29:28 GMT Connection: close Content-Length: 0

2 POST request with data and file

 POST http://www.example.com/test/mycgi.exe/ABC?trid=pxupld HTTP/1.1 X-Requested-With: XMLHttpRequest Accept: */* Content-Type: multipart/form-data; boundary=---------------------------7dd3c817903dc Referer: http://www.example.com/test/mycgi2.exe/ABC Accept-Language: en-US Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0) Host: www.example.com DNT: 1 Connection: Keep-Alive Pragma: no-cache Authorization: Negotiate TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw== Content-Length: 0 HTTP/1.1 401 Unauthorized Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 WWW-Authenticate: Negotiate TlRMTVNTUAACAAAAEgASADgAAAAVgonioR3IHBVFoYwAAAAAAAAAAJwAnABKAAAABgLwIwAAAA9MAFIAUwBEAE8ATQBBAEkATgACABIATABSAFMARABPAE0AQQBJAE4AAQAUAFcASQBOAC0AUQBBADIAMAAxADIABAAUAGwAcgBzAGkAbgBjAC4AbwByAGcAAwAqAFcASQBOAC0AUQBBADIAMAAxADIALgBsAHIAcwBpAG4AYwAuAG8AcgBnAAUAFABsAHIAcwBpAG4AYwAuAG8AcgBnAAcACABzQ2OAwgjPAQAAAAA= Date: Fri, 03 Jan 2014 20:29:28 GMT Content-Length: 341 Proxy-Support: Session-Based-Authentication <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"> <HTML><HEAD><TITLE>Not Authorized</TITLE> <META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD> <BODY><h2>Not Authorized</h2> <hr><p>HTTP Error 401. The requested resource requires user authentication.</p> </BODY></HTML> 
 POST http://www.example.com/test/mycgi.exe/ABC?trid=pxupld HTTP/1.1 X-Requested-With: XMLHttpRequest Accept: */* Content-Type: multipart/form-data; boundary=---------------------------7dd3c817903dc Referer: http://www.example.com/test/mycgi2.exe/ABC Accept-Language: en-US Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0) Host: www.example.com Content-Length: 500 DNT: 1 Proxy-Connection: Keep-Alive Pragma: no-cache Authorization: Negotiate TlRMTVNTUAADAAAAGAAYAJgAAABEAUQBsAAAABIAEgBYAAAAEAAQAGoAAAAeAB4AegAAABAAEAD0AQAAFYKI4gYBsR0AAAAPbaRPHPhdB+KO+QMFMSieX2wAcgBzAGQAbwBtAGEAaQBuAGMAcgBhAHcAZgBvAHIAZABXAEkATgAtAEIARAA3ADUANgBJAFAANgA0AE8ARwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUat4cr34A16p/u9YeXYBAAQEAAAAAAABzQ2OAwgjPAVb+mEX8/lPwAAAAAAIAEgBMAFIAUwBEAE8ATQBBAEkATgABABQAVwBJAE4ALQBRAEEAMgAwADEAMgAEABQAbAByAHMAaQBuAGMALgBvAHIAZwADACoAVwBJAE4ALQBRAEEAMgAwADEAMgAuAGwAcgBzAGkAbgBjAC4AbwByAGcABQAUAGwAcgBzAGkAbgBjAC4AbwByAGcABwAIAHNDY4DCCM8BBgAEAAIAAAAIADAAMAAAAAAAAAAAAAAAADAAAEa6q+B5Lu1yFWYA3Wkqf+iAxY/qnzwZi2pgk0t1XqKNCgAQAAAAAAAAAAAAAAAAAAAAAAAJACAASABUAFQAUAAvADEAMAAuADkANgAuADgALgAxADgANgAAAAAAAAAAAAAAAAAQcolcJBPzOWjm8V7iJiki

Waiting for the data I guess, any ideas?

+6
source share
3 answers

The solution for me was to stop using JQUERY to create a new form element and submit it using AJAX. Rather, I submitted the form using simple javascript. Which method did I use for IE7 and 8.

-1
source

What's happening.

  • You are requesting a page from IIS.
  • IIS says: "No, you need to authenticate (401). I take negotiations and / or NTLM." (In the default configuration with Windows Auth enabled)
  • IE sends authentication headers along with your request, and IIS gladly sends your page.
  • IE attaches authentication to the TCP connection used, so it does not need to authenticate again in IIS.
  • You wait, and IE bothers you and closes the TCP connection that it kept open (see Keep-Alive header . Do not disconnect third parties.). All your luscious Windows authentication disappears when the TCP connection closes.
  • Finally, you do something that fires the XHR POST of some binary payload or multipart / form-data.
  • IE goes through Windows authentication over the entire new TCP connection.
  • IE is screwed and sends a message, but cannot send data. He just stops and doesn't do it. In the case of multipart / form-data, the client and server get into the chicken game, everyone is waiting for the other to do something, and IE freezes. For other mime types, I noticed that IIS sends 408 back and is not hanging.

Workaround: Send a GET or HEAD request to IIS. IE will authenticate by this request. Once this is completed, submit your POST. IE will process the TCP connection from the GET or HEAD request (and its juicy Windows authentication data) for your POST and send your data correctly.

+6
source

This issue was successfully resolved in IE11 11.0.31 ( KB3154070 ):

HTTP Error Error 401 when trying to upload a file in Internet Explorer 11 in Windows 8.1 or Windows 7

0
source

More articles:


All Articles