排查curl请求方法被修改问题
背景
今天同事发现post请求,被转成了get,没有进到服务,显示如下:(使用的http的请求,nginx的http跳转到https,中间过了CW)
curl -vvv --location --request POST 'http://*' --header 'AppKey: *' --header 'Nonce: *' --header 'CurTime: *' --header 'CheckSum: *' --header 'User-Agent: Apifox/1.0.0 (https://apifox.com)' --header 'Content-Type: application/json;charset=utf-8' --header 'Accept: */*' --header 'Host: *' --header 'Connection: keep-alive' --header 'Cookie: HWWAFSESID=*; HWWAFSESTIME=*' --header 'Referer: http://*' --data-raw '{
"contents": [
{
"recordRole": "PATIENT",
"recordTime": *,
"recordContent": "你好"
}
]
}'
Note: Unnecessary use of -X or --request, POST is already inferred.
* Host *:80 was resolved.
* IPv6: (none)
* IPv4: *
* Trying *:80...
* Connected to * (*) port 80
> POST /api/text/v1 HTTP/1.1
> Host: *
> AppKey: *
> Nonce: *
> CurTime: *
> CheckSum: *
> User-Agent: Apifox/1.0.0 (https://apifox.com)
> Content-Type: application/json;charset=utf-8
> Accept: */*
> Connection: keep-alive
> Cookie: HWWAFSESID=*; HWWAFSESTIME=*
> Referer: http://*
> Content-Length: 133
>
< HTTP/1.1 301 Moved Permanently
< Date: Thu, 14 May 2026 01:15:19 GMT
< Content-Type: text/html
< Content-Length: 239
< Connection: keep-alive
* Please rewind output before next send
< Location: https://*
< Server: CW
<
* Ignoring the response-body
* Connection #0 to host * left intact
* Issue another request to this URL: 'https://*'
* Switch from POST to GET
* Host *:443 was resolved.
* IPv6: (none)
* IPv4: *
* Trying *...
* Connected to * (*) port 443
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / X25519 / RSASSA-PSS
* ALPN: server accepted http/1.1
* Server certificate:
* subject: CN=*.
* start date: Feb 6 00:00:00 2026 GMT
* expire date: Feb 5 23:59:59 2027 GMT
* subjectAltName: host "*" matched cert's "*.*"
* issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=RapidSSL TLS RSA CA G1
* SSL certificate verify ok.
* Certificate level 0: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
* Certificate level 1: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
* Certificate level 2: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
* using HTTP/1.x
> POST /api/text/v1 HTTP/1.1
> Host: *
> AppKey: *
> Nonce: *
> CurTime: *
> CheckSum: *
> User-Agent: Apifox/1.0.0 (https://apifox.com)
> Content-Type: application/json;charset=utf-8
> Accept: */*
> Connection: keep-alive
> Referer: http://*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
< HTTP/1.1 200
< Date: Thu, 14 May 2026 01:15:20 GMT
< Content-Type: application/json;charset=UTF-8
< Content-Length: 131
< Connection: keep-alive
< Set-Cookie: HWWAFSESID=*; path=/
< Set-Cookie: HWWAFSESTIME=*; path=/
< Server: CW
<
* Connection #1 to host * left intact
{"traceId":"*","code":"E000014","message":"参数解析异常","bizMessage":null,"errorData":null,"data":null}
根据您提供的curl输出,我发现了问题的关键原因和解决方案:
问题原因分析
- 初始请求:发送POST请求到
http://[脱敏域名]/api/text/v1 - 301重定向:服务器返回301状态码,要求重定向到HTTPS版本
https://[脱敏域名]/api/text/v1 - 请求方法变更:curl在跟随301重定向时,默认将POST请求改为了GET请求
- 数据丢失:GET请求没有携带原始POST的数据体,导致服务器返回"参数解析异常"
这是curl的默认行为 - 根据HTTP规范,301重定向允许客户端改变请求方法,而curl默认会将POST改为GET。
解决方案
方法1:使用 -L 和 --post301 参数(推荐)
curl -vvv -L --post301 --location --request POST 'http://[脱敏域名]/api/text/v1' \
--header 'AppKey: [脱敏AppKey]' \
--header 'Nonce: [脱敏Nonce]' \
--header 'CurTime: [脱敏CurTime]' \
--header 'CheckSum: [脱敏CheckSum]' \
--header 'User-Agent: Apifox/1.0.0 (https://apifox.com)' \
--header 'Content-Type: application/json;charset=utf-8' \
--header 'Accept: */*' \
--header 'Host: [脱敏域名]' \
--header 'Connection: keep-alive' \
--header 'Cookie: [脱敏Cookie]' \
--header 'Referer: http://[脱敏域名]/api/text/v1' \
--data-raw '{
"contents": [
{
"recordRole": "PATIENT",
"recordTime": [脱敏时间戳],
"recordContent": "你好"
}
]
}'
方法2:直接使用HTTPS地址(最佳实践)
curl -vvv --request POST 'https://[脱敏域名]/api/text/v1' \
--header 'AppKey: [脱敏AppKey]' \
--header 'Nonce: [脱敏Nonce]' \
--header 'CurTime: [脱敏CurTime]' \
--header 'CheckSum: [脱敏CheckSum]' \
--header 'User-Agent: Apifox/1.0.0 (https://apifox.com)' \
--header 'Content-Type: application/json;charset=utf-8' \
--header 'Accept: */*' \
--header 'Host: [脱敏域名]' \
--header 'Connection: keep-alive' \
--header 'Cookie: [脱敏Cookie]' \
--header 'Referer: https://[脱敏域名]/api/text/v1' \
--data-raw '{
"contents": [
{
"recordRole": "PATIENT",
"recordTime": [脱敏时间戳],
"recordContent": "你好"
}
]
}'
方法3:使用 --request POST 强制指定方法
curl -vvv -L --request POST 'http://[脱敏域名]/api/text/v1' \
# 其他参数保持不变...
排查建议
- 检查服务器配置:确认服务器是否正确配置了HTTP到HTTPS的重定向
- 验证API文档:确认该API是否支持HTTP请求,或者是否要求必须使用HTTPS
- 测试工具:使用Postman等工具测试,观察重定向行为
- 网络抓包:使用抓包工具分析完整的请求/响应过程
根本原因
在日志中可以看到关键信息:
* Issue another request to this URL: 'https://[脱敏域名]/api/text/v1'
* Switch from POST to GET
这明确显示curl在重定向时将POST改为了GET。而API需要POST请求和JSON数据体,GET请求无法携带数据体,因此服务器返回错误。
推荐使用方法2(直接使用HTTPS),这是最彻底的解决方案,避免了重定向带来的所有潜在问题。
文档信息
- 文章作者: 运维技术团队 - 辣个男人Devin
- 发布日期: 2026年05月14日
- 适用系统: ubuntu24.04.3