
HTTPS redirect from one server to another

The scenario is that a browser makes a request to server1. server1 does an HTTPS redirect to server2 with some confidential information in an HTTP header. Can the browser view the contents of the redirect from server1, or would it be encrypted?

Can the browser view the contents of the redirect from server1, or would it be encrypted?

HTTPS provides transport-layer security between a browser and a server. The browser can indeed view anything in the response from either server.

You can test this for yourself. Just open the developer tools in your browser (in IE press F12), navigate to the tab that deals with network connections, and record the network conversation during such a redirect. You can inspect the response headers from the redirect.

If the two servers need to exchange confidential information (meaning the browser should not be able to discover the information), it is best if they talk to each other directly via a secure channel. You could consider adding the confidential data in encrypted form to the response (such that server2 can decrypt it), but any time you expose even the encrypted data to the client unnecessarily, you introduce another attack vector.
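The direct-channel option from the answer above, sketched as an added example that is not part of the original answer: server1 keeps the confidential value server-side and puts only a random, single-use, short-lived handle in the redirect, which server2 redeems over a back channel. `HandoffStore`, the `handoff` query parameter and `server2.example` are hypothetical names, and the in-memory dict stands in for whatever store or API the two servers share privately.

```python
import secrets
import time
from urllib.parse import parse_qs, urlsplit


class HandoffStore:
    """Assumed back channel: reachable by server1 and server2, never by the browser."""

    def __init__(self, ttl_seconds=30, clock=time.monotonic):
        self._ttl = ttl_seconds
        self._clock = clock
        self._pending = {}  # handle -> (confidential value, expiry time)

    def deposit(self, confidential):
        handle = secrets.token_urlsafe(32)  # unguessable and carries no data
        self._pending[handle] = (confidential, self._clock() + self._ttl)
        return handle

    def redeem(self, handle):
        # pop() makes the handle single use, so a replayed URL yields nothing.
        entry = self._pending.pop(handle, None)
        if entry is None:
            return None
        confidential, expires = entry
        return confidential if self._clock() <= expires else None


def server1_redirect(store, confidential, server2_url):
    """Return (status, headers) exactly as the browser would see them in dev tools."""
    handle = store.deposit(confidential)
    return 302, {"Location": f"{server2_url}?handoff={handle}"}


def server2_handle(store, requested_url):
    """server2 resolves the handle from the incoming URL via the back channel."""
    handle = parse_qs(urlsplit(requested_url).query).get("handoff", [""])[0]
    return store.redeem(handle)


if __name__ == "__main__":
    store = HandoffStore()
    # "acct=12345" is a constructed sample value.
    status, headers = server1_redirect(store, "acct=12345", "https://server2.example/landing")
    print("browser sees:", status, headers)
    print("server2 first request:", server2_handle(store, headers["Location"]))
    print("server2 replayed request:", server2_handle(store, headers["Location"]))
```

The handle still passes through the browser, so the single-use and expiry checks are what limit its value if it is copied from history or logs.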

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address. Any question please contact: yoyou2525@163.com.
