[tor-bugs] #18663 [Onionoo]: Onionoo bandwidth doc switches between readable and garbled responses when refreshing

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Mar 28 04:19:17 UTC 2016


#18663: Onionoo bandwidth doc switches between readable and garbled responses when
refreshing
---------------------+---------------------
 Reporter:  dcf      |          Owner:
     Type:  defect   |         Status:  new
 Priority:  Medium   |      Milestone:
Component:  Onionoo  |        Version:
 Severity:  Normal   |     Resolution:
 Keywords:           |  Actual Points:
Parent ID:           |         Points:
 Reviewer:           |        Sponsor:
---------------------+---------------------

Comment (by dcf):

 Here are the different headers for alternating retrieval of the bandwidth
 URL. The garbled text appears to be because of a missing `Content-
 Encoding: gzip`, but it is also missing `Last-Modified`, `Access-Control-
 Allow-Origin`, `Content-Type`, and `Cache-Control`.

 good:
 {{{
 Date: Mon, 28 Mar 2016 04:08:57 GMT
 Server: Jetty(8.y.z-SNAPSHOT)
 X-Content-Type-Options: nosniff
 X-Frame-Options: sameorigin
 X-Xss-Protection: 1
 Strict-Transport-Security: max-age=15768000
 Last-Modified: Mon, 28 Mar 2016 04:06:20 GMT
 Access-Control-Allow-Origin: *
 Content-Type: application/json;charset=utf-8
 Cache-Control: public, max-age=2400
 Content-Encoding: gzip
 Content-Length: 2545
 Keep-Alive: timeout=5, max=98
 Connection: Keep-Alive
 }}}

 garbled:
 {{{
 Date: Mon, 28 Mar 2016 04:12:10 GMT
 Server: Jetty(8.y.z-SNAPSHOT)
 X-Content-Type-Options: nosniff
 X-Frame-Options: sameorigin
 X-Xss-Protection: 1
 Strict-Transport-Security: max-age=15768000
 Content-Length: 2545
 Keep-Alive: timeout=5, max=100
 Connection: Keep-Alive
 }}}

 The difference in the details URL headers is similar, but the good one
 does not have `Content-Encoding: gzip` to begin with, which explains why
 it doesn't get garbled when `Content-Type` is missing.

 good:
 {{{
 Date: Mon, 28 Mar 2016 04:17:04 GMT
 Server: Jetty(8.y.z-SNAPSHOT)
 X-Content-Type-Options: nosniff
 X-Frame-Options: sameorigin
 X-Xss-Protection: 1
 Strict-Transport-Security: max-age=15768000
 Last-Modified: Mon, 28 Mar 2016 04:06:20 GMT
 Access-Control-Allow-Origin: *
 Content-Type: application/json;charset=utf-8
 Cache-Control: public, max-age=1800
 Content-Length: 519
 Keep-Alive: timeout=5, max=100
 Connection: Keep-Alive
 }}}

 bad:
 {{{
 Date: Mon, 28 Mar 2016 04:17:24 GMT
 Server: Jetty(8.y.z-SNAPSHOT)
 X-Content-Type-Options: nosniff
 X-Frame-Options: sameorigin
 X-Xss-Protection: 1
 Strict-Transport-Security: max-age=15768000
 Content-Length: 519
 Keep-Alive: timeout=5, max=100
 Connection: Keep-Alive
 }}}

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18663#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list