[tor-bugs] #4278 [EFF-HTTPS Everywhere]: MSDN navigation breakage (due to Origin: header omission?) (was: MSDN navigation breakage)
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Tue Nov 15 07:39:48 UTC 2011
#4278: MSDN navigation breakage (due to Origin: header omission?)
----------------------------------+-----------------------------------------
Reporter: pde | Owner: pde
Type: defect | Status: accepted
Priority: normal | Milestone:
Component: EFF-HTTPS Everywhere | Version:
Keywords: | Parent:
Points: | Actualpoints:
----------------------------------+-----------------------------------------
Changes (by pde):
* cc: mikeperry (added)
* status: new => accepted
Comment:
In my testing, disabling the Omniture (207.net) ruleset made no
difference to this bug -- it's caused by the Microsoft ruleset.
If I diff the Live HTTP Headers output for the AJAX request that opens
those menus, I see this:
`--- a 2011-11-14 23:31:32.395957451 -0800+++ b 2011-11-14
23:31:49.707957286 -0800@@ -1,4 +1,4
@@-https://msdn.microsoft.com/Platform/Controls/BPDownloadsList/TableofContents.asmx/GetProductFamiliesByProductGroupID+http://msdn.microsoft.com/Platform/Controls/BPDownloadsList/TableofContents.asmx/GetProductFamiliesByProductGroupID
POST
/Platform/Controls/BPDownloadsList/TableofContents.asmx/GetProductFamiliesByProductGroupID
HTTP/1.1 Host: msdn.microsoft.com@@ -9,14 +9,13 @@ Accept-Charset:
ISO-8859-1,utf-8;q=0.7,*;q=0.7 X-Requested-With: XMLHttpRequest Content-
Type: application/json; charset=utf-8+Referer: http://msdn.microsoft.com
/en-ca/subscriptions/downloads/default.aspx Content-Length: 89 DNT:
1-Referer: http://msdn.microsoft.com/en-ca/subscriptions/downloads/default
.aspx-Origin: http://msdn.microsoft.com Connection: keep-alive Pragma: no-
cache Cache-Control: no-cache-{"brandCode":"msdn","localeCode":"en-
ca","productGroupID":35,"isMyProductsEnabled":false}+{"brandCode":"msdn","localeCode
":"en-ca","productGroupID":65,"isMyProductsEnabled":false} HTTP/1.1 200 OK
Cache-Control: private, max-age=0 Content-Type: application/json;
charset=utf-8@@ -24,7 +23,7 @@ X-AspNet-Version: 4.0.30319 P3P: CP="ALL
IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM
INT NAV ONL PHY PRE PUR UNI" X-Powered-By: ASP.NET-Date: Tue, 15 Nov 2011
07:29:56 GMT-ntCoent-Length: 1140+Date: Tue, 15 Nov 2011 07:30:40 GMT
+ntCoent-Length: 1118 Content-Encoding: gzip-Content-Length: 306+Content-
Length: 333`
By far the most likely problem there is the missing Origin: header.
Looks like we'll need a patch to stick that back in...
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4278#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
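An order-insensitive comparison of the two request header blocks, as an added example that is not part of the original ticket comment. The sample captures are constructed, abridged from the two sides ("a" and "b") of the diff above, and `parseHeaders` and `compareHeaders` are hypothetical helper names.

```javascript
// Constructed sample captures, abridged from sides "a" and "b" of the diff in the comment.
const path = "/Platform/Controls/BPDownloadsList/TableofContents.asmx/GetProductFamiliesByProductGroupID";
const referer = "http://msdn.microsoft.com/en-ca/subscriptions/downloads/default.aspx";
const captureA = [
  `POST ${path} HTTP/1.1`,
  "Host: msdn.microsoft.com",
  "X-Requested-With: XMLHttpRequest",
  "Content-Type: application/json; charset=utf-8",
  "Content-Length: 89",
  "DNT: 1",
  `Referer: ${referer}`,
  "Origin: http://msdn.microsoft.com",
  "Connection: keep-alive",
].join("\r\n");
const captureB = [
  `POST ${path} HTTP/1.1`,
  "Host: msdn.microsoft.com",
  "X-Requested-With: XMLHttpRequest",
  "Content-Type: application/json; charset=utf-8",
  `Referer: ${referer}`, // same value as in A, different position
  "Content-Length: 89",
  "DNT: 1",
  "Connection: keep-alive",
].join("\r\n");

// Parse "Name: value" lines into a Map keyed by lowercased name
// (header names are case-insensitive); repeated headers are joined.
function parseHeaders(capture) {
  const headers = new Map();
  for (const line of capture.split(/\r?\n/).slice(1)) { // skip the request line
    const sep = line.indexOf(":");
    if (sep <= 0) continue; // blank or malformed line
    const name = line.slice(0, sep).trim().toLowerCase();
    const value = line.slice(sep + 1).trim();
    headers.set(name, headers.has(name) ? `${headers.get(name)}, ${value}` : value);
  }
  return headers;
}

// Report real differences only: header position is ignored.
function compareHeaders(a, b) {
  const ha = parseHeaders(a), hb = parseHeaders(b);
  const onlyInA = [...ha.keys()].filter((n) => !hb.has(n));
  const onlyInB = [...hb.keys()].filter((n) => !ha.has(n));
  const changed = [...ha.keys()].filter((n) => hb.has(n) && hb.get(n) !== ha.get(n));
  return { onlyInA, onlyInB, changed };
}
console.log(compareHeaders(captureA, captureB));
```

Unlike the line-based diff, this treats the relocated `Referer:` line as unchanged, so `Origin` is the only request header reported as differing between the two captures.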