Why does IE duplicate query parameters when redirecting from HTTP to HTTPS

Question

We are hosting a site on IIS, and we are requiring HTTPS requests, and I've run across an odd bug related to how internet explorer (IE) handles that URL redirect.

If the initial request is

http://my.domain.com/?param1=hello&param2=100

then IIS forces the request to be redirected to an HTTPS request, but the resulting request is

https://my.domain.com/?param1=hello&param2=100&param1=hello&param2=100

In other modern browsers, this is not the case and the request is redirected as expected.

We are using URL Rewrite to redirect requests to HTTPS

Has anyone else seen this before, and is there anything that can be done to fix it?

Answer 1

After realizing that the redirect was occurring in IIS, I was looking at settings in the rewrite action and noticed that the check box Append query string was checked. After unchecking that box, it appears to have resolved the issue. Query strings are still present in the redirect, but they aren't being duplicated now in IE.

The setting can also be changed in xml of the web.config by adding appendQueryString = "false" to the <action> child.

In the web.config file before making the change, there was nothing explicitly specifying the state of appendQueryString, so it is important to note that it seems that the default behavior of a redirect action is to append the query string.

To change the setting in IIS:

1. Open IIS Manager.
2. Select [Web Site With Issue].
3. In the Feature View, click "URL Rewrite".
4. Select "HTTP/S to HTTP Redirect" Rule and click "Inbound Rules > Edit" at right
5. Scroll down to nearly the bottom of the editor pane to "Action > Append Query String" checkbox and uncheck it.
6. Click "Apply" at right.

(Pretty pictures of most of this procedure here)