[tor-bugs] #18663 [Onionoo]: Onionoo doesn't send certain headers on even-numbered responses

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Mar 28 18:01:46 UTC 2016


#18663: Onionoo doesn't send certain headers on even-numbered responses
---------------------+--------------------------
 Reporter:  dcf      |          Owner:  karsten
     Type:  defect   |         Status:  accepted
 Priority:  Medium   |      Milestone:
Component:  Onionoo  |        Version:
 Severity:  Normal   |     Resolution:
 Keywords:           |  Actual Points:
Parent ID:           |         Points:
 Reviewer:           |        Sponsor:
---------------------+--------------------------
Changes (by karsten):

 * owner:   => karsten
 * status:  new => accepted


Comment:

 Interesting bug!  Here's a preliminary analysis:

  - This bug seems unrelated to even-numbered responses and only dependent
 on the headers included in the request.
  - Two headers that must be included in the request to reproduce this
 problem are `"Accept-Encoding: gzip"` and `"Cache-Control: max-age=0"`.
 Note that the second header disables Apache caching and lets Jetty answer
 all requests.
  - Another header that must be included to reproduce this problem and that
 produces different results based on its value is `"If-Modified-Since:"`:
    - older than `"Last-Modified"` time: 200 result, gzipped with
 `"Content-Encoding"` header in response.  All is fine here.
    - same as `"Last-Modified"` time: 200 result, gzipped '''without'''
 `"Content-Encoding"` header in response.  This is a bug.
    - newer than `"Last-Modified"` time: 304 result without body.  All is
 fine.

 I don't know yet what exactly leads to the bug case.

 In order to reproduce this problem, fetch an Onionoo document and replace
 the timestamps below with values smaller/equal to/larger than the returned
 `"Last-Modified"` timestamp.

 {{{
 curl -H "If-Modified-Since: Mon, 28 Mar 2016 12:53:59 GMT" -H "Accept-
 Encoding: gzip" -H "Cache-Control: max-age=0" -v
 https://onionoo.torproject.org/bandwidth?lookup=88F745840F47CE0C6A4FE61D827950B06F9E4534
 > /dev/null
 curl -H "If-Modified-Since: Mon, 28 Mar 2016 12:54:00 GMT" -H "Accept-
 Encoding: gzip" -H "Cache-Control: max-age=0" -v
 https://onionoo.torproject.org/bandwidth?lookup=88F745840F47CE0C6A4FE61D827950B06F9E4534
 > /dev/null
 curl -H "If-Modified-Since: Mon, 28 Mar 2016 12:54:01 GMT" -H "Accept-
 Encoding: gzip" -H "Cache-Control: max-age=0" -v
 https://onionoo.torproject.org/bandwidth?lookup=88F745840F47CE0C6A4FE61D827950B06F9E4534
 > /dev/null
 }}}

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18663#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list