[tor-bugs] #4278 [EFF-HTTPS Everywhere]: MSDN navigation breakage (due to Origin: header omission?) (was: MSDN navigation breakage)

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Tue Nov 15 07:39:48 UTC 2011 

#4278: MSDN navigation breakage (due to Origin: header omission?)
----------------------------------+-----------------------------------------
 Reporter:  pde                   |          Owner:  pde     
     Type:  defect                |         Status:  accepted
 Priority:  normal                |      Milestone:          
Component:  EFF-HTTPS Everywhere  |        Version:          
 Keywords:                        |         Parent:          
   Points:                        |   Actualpoints:          
----------------------------------+-----------------------------------------
Changes (by pde):

 * cc: mikeperry (added)
  * status:  new => accepted


Comment:

 In my testing, disabling the Omniiture (207.net) ruleset made no
 difference to this bug -- it's caused by the Microsoft ruleset.

 If I diff the Live HTTP Headers output for the AJAX request that opens
 those menus, I see this:

 `--- a    2011-11-14 23:31:32.395957451 -0800+++ b    2011-11-14
 23:31:49.707957286 -0800@@ -1,4 +1,4
 @@-https://msdn.microsoft.com/Platform/Controls/BPDownloadsList/TableofContents.asmx/GetProductFamiliesByProductGroupID+http://msdn.microsoft.com/Platform/Controls/BPDownloadsList/TableofContents.asmx/GetProductFamiliesByProductGroupID
 POST
 /Platform/Controls/BPDownloadsList/TableofContents.asmx/GetProductFamiliesByProductGroupID
 HTTP/1.1 Host: msdn.microsoft.com@@ -9,14 +9,13 @@ Accept-Charset:
 ISO-8859-1,utf-8;q=0.7,*;q=0.7 X-Requested-With: XMLHttpRequest Content-
 Type: application/json; charset=utf-8+Referer: http://msdn.microsoft.com
 /en-ca/subscriptions/downloads/default.aspx Content-Length: 89 DNT:
 1-Referer: http://msdn.microsoft.com/en-ca/subscriptions/downloads/default
 .aspx-Origin: http://msdn.microsoft.com Connection: keep-alive Pragma: no-
 cache Cache-Control: no-cache-{"brandCode":"msdn","localeCode":"en-
 ca","productGroupID":35,"isMyProductsEnabled":false}+{"brandCode":"msdn","localeCode
 ":"en-ca","productGroupID":65,"isMyProductsEnabled":false} HTTP/1.1 200 OK
 Cache-Control: private, max-age=0 Content-Type: application/json;
 charset=utf-8@@ -24,7 +23,7 @@ X-AspNet-Version: 4.0.30319 P3P: CP="ALL
 IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM
 INT NAV ONL PHY PRE PUR UNI" X-Powered-By: ASP.NET-Date: Tue, 15 Nov 2011
 07:29:56 GMT-ntCoent-Length: 1140+Date: Tue, 15 Nov 2011 07:30:40 GMT
 +ntCoent-Length: 1118 Content-Encoding: gzip-Content-Length: 306+Content-
 Length: 333`

 `By far the most likely problem there is the missing Origin: header.`
 Looks like we'll need a patch to stick that back in...

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4278#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list