[tbb-bugs] #21749 [Applications/Tor Browser]: bitcoin.de

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Mar 20 14:49:07 UTC 2017

#21749: bitcoin.de
 Reporter:  globos                               |          Owner:  tbb-
                                                 |  team
     Type:  defect                               |         Status:  new
 Priority:  Medium                               |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tbb-usability-website, ff52-esr-     |  Actual Points:
  will-have                                      |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
Changes (by gk):

 * keywords:  tbb-usability-website, ff52-esr => tbb-usability-website, ff52


 So, this works in a Firefox 52 based Tor Browser because there you get
 redirected differently. More importantly, you get the usual Cloudflare
 experience (that is a CAPTCHA is greeting you) and after solving that one
 you proceed to the properly working bitcoin page.

 Now, the reason for the different redirect is that the ESR 52 sends:
 `Accept-Encoding: gzip, deflate, br` and the ESR 45 just `Accept-Encoding:
 gzip, deflate`. This seems to me a bug in the Cloudflare setup. They have
 probably just forgotten that there are still folks out there using ESR 45
 and are exposed to the CAPTCHAs.

 We can't fix that easily on our side as not sending the Brotli support was
 explicitely done for ESR 45:
 https://bugzilla.mozilla.org/show_bug.cgi?id=1254411 as backporting a
 security fix was deemed too risky.

 I hope to get hold of some Cloudflare folks this week who might be able to
 check at least whether that is really a Cloudflare bug.

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21749#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list