[BUG] GM_xmlhttpRequest 遇到302跳转没有正常跟随

[DreamNya]

问题描述

以Steam社区为例，在session失效、其他cookies有效时，
正常访问https://steamcommunity.com/my/inventory/，会进行7次302跳转

1. session失效，302跳转登录页面 https://steamcommunity.com/login/home/?goto=%2Fmy%2Finventory%2F
2. 其他cookies有效，302跳转jwt刷新页面 https://login.steampowered.com/jwt/refresh?redir=https%3A%2F%2Fsteamcommunity.com%2Fmy%2Finventory%2F
3. 获得新cookies，302跳转 https://steamcommunity.com/login/settoken?steamID=XXXXX&nonce=XXXXX&redir=%2Fmy%2Finventory%2F&auth=XXXXX
4. 再次302跳转回原始页面 https://steamcommunity.com/my/inventory/
5. 此时cookies均有效，302跳转个人仓库 https://steamcommunity.com/id/XXXXX/inventory
6. 刷新Steam市场cookies，302跳转 https://steamcommunity.com/market/eligibilitycheck/?goto=%2Fid%2FXXXXX%2Finventory
7. 最后302跳转回个人仓库 https://steamcommunity.com/id/XXXXX/inventory

然而使用 GM_xmlhttpRequest 去 GET 时 https://steamcommunity.com/my/inventory/
在session失效、其他cookies有效时，无论是否显式声明 redirect: "follow"，都只能302跳转第一次
无法触发第二次302跳转 https://login.steampowered.com/jwt/refresh?redir=https%3A%2F%2Fsteamcommunity.com%2Fmy%2Finventory%2F
（此时session能正常刷新，其余cookies由于未请求jwt页面而未正常刷新）

GM_xmlhttpRequest({
    url: `https://steamcommunity.com/my/inventory/`,
    method: "GET",
    onload: (xhr) => {
        console.log(xhr.finalUrl);
    },
});

再次手动GET 原本应该302跳转的地址 https://login.steampowered.com/jwt/refresh?redir=https%3A%2F%2Fsteamcommunity.com%2Fmy%2Finventory%2F
成功触发剩余6次302跳转

GM_xmlhttpRequest({
    url: `https://login.steampowered.com/jwt/refresh?redir=https%3A%2F%2Fsteamcommunity.com%2Fmy%2Finventory%2F`,
    method: "GET",
    onload: (xhr) => {
        console.log(xhr.finalUrl);
    },
});

说明 GM_xmlhttpRequest 的302跳转跟随逻辑可能出现了问题

重现步骤

GM_xmlhttpRequest({
    url: `https://steamcommunity.com/my/inventory/`,
    method: "GET",
    redirect: "follow",
    onload: (xhr) => {
        console.log(xhr.finalUrl);
    },
});

GM_xmlhttpRequest({
    url: `https://login.steampowered.com/jwt/refresh?redir=https%3A%2F%2Fsteamcommunity.com%2Fmy%2Finventory%2F`,
    method: "GET",
    onload: (xhr) => {
        console.log(xhr.finalUrl);
    },
});

脚本猫版本

1.2.4

操作系统以及浏览器信息

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36 Edg/143.0.0.0

补充信息 (选填)

代码结果

网络请求

前几次302跳转，无论是否使用`redirect: "follow"`、无论是xhr还是fetch，链条均断在`https://steamcommunity.com/login/home/?goto=%2Fmy%2Finventory%2F`上

[cyfung1031]

个人不太懂 session cookie 转址 的关系，只是好奇一下，
你的代码 用Tampermonkey 跑的话会如何？

---

@CodFrm 事先讲明我不太认识这些转址问题。但你有PR的话我可以看看。

[CodFrm]

我弄了一个示例，似乎没有302跳转的问题，看起来一切正常，TM跑可以么？

// ==UserScript==
// @name         New Userscript P54R-1
// @namespace    https://docs.scriptcat.org/
// @version      0.1.0
// @description  try to take over the world!
// @author       You
// @match        https://docs.scriptcat.org/
// @grant        GM_xmlhttpRequest
// @connect      test-case.ggnb.top
// ==/UserScript==

GM_xmlhttpRequest({
    url: `https://test-case.ggnb.top/redirect?count=8`,
    method: "GET",
    redirect: "follow",
    onload: (xhr) => {
        console.log(xhr.finalUrl);
    },
});

GM_xmlhttpRequest({
    url: `https://test-case.ggnb.top/redirect?count=8`,
    method: "GET",
    onload: (xhr) => {
        console.log(xhr.finalUrl);
    },
});

[DreamNya]

试了下TM的GM_xmlhttpRequest，结果和ScriptCat的大致相同
第一次302跳转后，没有继续302跟随而是200OK了

TM和SC都在第2次302时变为200，手动GET跳转地址又能继续跟随剩余6次302跳转
而浏览器地址栏中输入地址却能完整跟随7次302跳转
很古怪，不清楚GM_xmlhttpRequest 302跳转的原理具体是啥，感觉不太符合直觉