Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

301 response missing Location header #11

Closed
suntong opened this issue May 8, 2021 · 7 comments
Closed

301 response missing Location header #11

suntong opened this issue May 8, 2021 · 7 comments

Comments

@suntong
Copy link
Contributor

suntong commented May 8, 2021
edited
Loading

Following up on #5 & #6,

Thanks for icepie's effort, I've made it pass the login scan step.
But this is what I'm getting now:

访问下面网址扫描二维码登录
https://login.weixin.qq.com/qrcode/obQ...Ztg==
Get "https://web.wechat.com/cgi-bin/mmwebwx-bin/webwxnewloginpage?ticket=ArU...V3NX@qrticket_0&uuid=obQ...Ztg==&lang=zh_CN&scan=1620481397": 301 response missing Location header

I'm logging in from oversea BTW. That might be the reason why WX asking for "Location header".

I've tried to use KW of mmwebwx-bin or webwxnewloginpage to search in this repo, but didn't find anything.
So I cannot tell where the problem comes from as of now.

Please take a look.
@suntong
Copy link
Contributor Author

suntong commented May 8, 2021
edited
Loading

I thought adding a fake Location header to that get https://web.wechat.com/cgi-bin/mmwebwx-bin/webwxnewloginpage request might help, but on researching

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Location

It seems the problem is more from the server side. So I'm making another request to have more insight into the login handshaking #12.

@suntong suntong mentioned this issue May 8, 2021
Closed
@suntong
Copy link
Contributor Author

suntong commented May 8, 2021
edited
Loading

Quoting from wechaty/puppet-wechat#127 (comment)

我本地测试了一个最简化的代码,发现 https://wx.qq.com/cgi-bin/mmwebwx-bin/webwxnewloginpage 是扫码点击确定后的跳转地址,所以不扫码确定看不到这个path。以下是我使用puppeteer写的最小demo,本地测试已经可以成功登陆网页端...

The KW mmwebwx-bin or webwxnewloginpage are indeed not in this repo.
It is the 扫码点击确定后的跳转地址.

@suntong
Copy link
Contributor Author

suntong commented May 8, 2021

Still from wechaty/puppet-wechat#127 (comment)

I think this comment might reveal what's missing:

This patch should be applied to the third step of login.

When you get a 200 from https://login.weixin.qq.com/cgi-bin/mmwebwx-bin/login, the response must contain window.redirect_uri="https://wx.qq.com/cgi-bin/mmwebwx-bin/webwxnewloginpage.

When requesting cgi-bin/mmwebwx-bin/webwxnewloginpage, this patch is needed. Besides, wxsid and wxuin should be obtained from Cookie, not XML response.

@eatmoreapple
Copy link
Owner

是的,这个问题开始我是找不到原因的,感谢您的提议,后面会去关注测试。

@eatmoreapple
Copy link
Owner

已修复!see https:/golang/go/blob/cde2d857fe1f13ade269e3f7d58c6c2379a53c50/src/net/http/client.go#L647

@suntong
Copy link
Contributor Author

suntong commented May 13, 2021

When requesting cgi-bin/mmwebwx-bin/webwxnewloginpage, this patch is needed. Besides, wxsid and wxuin should be obtained from Cookie, not XML response.

I think the above is the reason that I'm getting the 301 response missing Location header error, i.e., if proper patch is applied and proper wxsid and wxuin is used when making the cgi-bin/mmwebwx-bin/webwxnewloginpage request, I might not see that loginForbiddenError error, I think.

comment?

@eatmoreapple
Copy link
Owner

这个问题的引发的原因是请求返回的response的状态码为301(跳转), 但是在responseHeader里面没有Location, 而是直接返回了一个禁止登陆的xml。(正常登陆会有这个Header)
go的client源码认为如果需要跳转响应的Header中没有Location(浏览器会根据这个字段跳转对应的网页),则这个响应是一个不合法response

@suntong suntong mentioned this issue Jul 7, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@suntong @eatmoreapple