[tor-bugs] #3673 [EFF-HTTPS Everywhere]: Jobvite inclusions broken on dropbox.com
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Mon Aug 1 21:48:37 UTC 2011
#3673: Jobvite inclusions broken on dropbox.com
----------------------------------+-----------------------------------------
Reporter: pde | Owner: pde
Type: defect | Status: accepted
Priority: normal | Milestone:
Component: EFF-HTTPS Everywhere | Version:
Keywords: | Parent:
Points: | Actualpoints:
----------------------------------+-----------------------------------------
Comment(by pde):
Here are what I think are the relevant Live HTTP Headers, from after
HTTPS-Everywhere has detected the loop and given up rewriting:
{{{
----------------------------------------------------------
http://www.dropbox.com/position?jvi=oQ1lVfwR,Job
GET /position?jvi=oQ1lVfwR,Job HTTP/1.1
Host: www.dropbox.com
User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:5.0) Gecko/20100101
Firefox/5.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Connection: keep-alive
Referer:
http://hire.jobvite.com/CompanyJobs/Careers.aspx?k=JobListing&c=qD19Vfws&jvresize=http%3a%2f%2fwww.dropbox.com%2fframeresize.htm&v=1
Cookie: gvc=MzA4NjE5Mjg4MjU0MDE2MjQ2ODkyMDQzNDgzOTAyNDE2MzU5NjY2;
__utma=145599457.311659016731854700.1312234669.1312234669.1312234669.1;
__utmb=145599457.5.10.1312234669; __utmc=145599457;
__utmz=145599457.1312234669.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 01 Aug 2011 21:40:08 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Content-Encoding: gzip
----------------------------------------------------------
http://hire.jobvite.com/CompanyJobs/Jobs.aspx?c=qD19Vfws&jvresize=http://www.dropbox.com/frameresize.htm&j=oQ1lVfwR,Job&k=Job
GET
/CompanyJobs/Jobs.aspx?c=qD19Vfws&jvresize=http://www.dropbox.com/frameresize.htm&j=oQ1lVfwR,Job&k=Job
HTTP/1.1
Host: hire.jobvite.com
User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:5.0) Gecko/20100101
Firefox/5.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Connection: keep-alive
Referer: http://www.dropbox.com/position?jvi=oQ1lVfwR,Job
Cookie: ASP.NET_SessionId=25anfp55pjrmhk55yhioiurf;
__utma=197432630.1540392077.1312234672.1312234672.1312234672.1;
__utmb=197432630.15.10.1312234672; __utmc=197432630;
__utmz=197432630.1312234672.1.1.utmcsr=dropbox.com|utmccn=(referral)|utmcmd=referral|utmcct=/jobs;
__utmv=197432630.|1=UserId=07f72031-ce41-4b45-9acd-
3c0ee4a6f203=1,2=CompanyId=qD19Vfws=1; guestidc=07f72031-ce41-4b45-9acd-
3c0ee4a6f203
HTTP/1.1 302 Object Moved
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Location:
Careers.aspx?k=JobListing&c=qD19Vfws&jvresize=http%3a%2f%2fwww.dropbox.com%2fframeresize.htm&j=oQ1lVfwR%2cJob&v=1
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 01 Aug 2011 21:40:09 GMT
Content-Length: 155
----------------------------------------------------------
http://hire.jobvite.com/CompanyJobs/Careers.aspx?k=JobListing&c=qD19Vfws&jvresize=http%3a%2f%2fwww.dropbox.com%2fframeresize.htm&j=oQ1lVfwR%2cJob&v=1
GET
/CompanyJobs/Careers.aspx?k=JobListing&c=qD19Vfws&jvresize=http%3a%2f%2fwww.dropbox.com%2fframeresize.htm&j=oQ1lVfwR%2cJob&v=1
HTTP/1.1
Host: hire.jobvite.com
User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:5.0) Gecko/20100101
Firefox/5.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Connection: keep-alive
Referer: http://www.dropbox.com/position?jvi=oQ1lVfwR,Job
Cookie: ASP.NET_SessionId=25anfp55pjrmhk55yhioiurf;
__utma=197432630.1540392077.1312234672.1312234672.1312234672.1;
__utmb=197432630.15.10.1312234672; __utmc=197432630;
__utmz=197432630.1312234672.1.1.utmcsr=dropbox.com|utmccn=(referral)|utmcmd=referral|utmcct=/jobs;
__utmv=197432630.|1=UserId=07f72031-ce41-4b45-9acd-
3c0ee4a6f203=1,2=CompanyId=qD19Vfws=1; guestidc=07f72031-ce41-4b45-9acd-
3c0ee4a6f203
HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 01 Aug 2011 21:40:09 GMT
Content-Length: 22590
----------------------------------------------------------
https://www.dropbox.com/frameresize.htm?height=1263
GET /frameresize.htm?height=1263 HTTP/1.1
Host: www.dropbox.com
User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:5.0) Gecko/20100101
Firefox/5.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Connection: keep-alive
Referer:
http://hire.jobvite.com/CompanyJobs/Careers.aspx?k=JobListing&c=qD19Vfws&jvresize=http%3a%2f%2fwww.dropbox.com%2fframeresize.htm&j=oQ1lVfwR%2cJob&v=1
Cookie: gvc=MzA4NjE5Mjg4MjU0MDE2MjQ2ODkyMDQzNDgzOTAyNDE2MzU5NjY2;
__utma=145599457.311659016731854700.1312234669.1312234669.1312234669.1;
__utmb=145599457.6.10.1312234669; __utmc=145599457;
__utmz=145599457.1312234669.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 01 Aug 2011 21:40:11 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Content-Encoding: gzip
----------------------------------------------------------
}}}
Joe, could the problem have anything to do with that last frameresize
request? Might that behave differently when we send it over https for
some reason?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3673#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list