[tor-bugs] #21749 [Applications/Tor Browser]: bitcoin.de
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Mar 20 14:49:07 UTC 2017
#21749: bitcoin.de
-------------------------------------------------+-------------------------
Reporter: globos | Owner: tbb-
| team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-usability-website, ff52-esr- | Actual Points:
will-have |
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Changes (by gk):
* keywords: tbb-usability-website, ff52-esr => tbb-usability-website, ff52
-esr-will-have
Comment:
So, this works in a Firefox 52 based Tor Browser because there you get
redirected differently. More importantly, you get the usual Cloudflare
experience (that is a CAPTCHA is greeting you) and after solving that one
you proceed to the properly working bitcoin page.
Now, the reason for the different redirect is that the ESR 52 sends:
`Accept-Encoding: gzip, deflate, br` and the ESR 45 just `Accept-Encoding:
gzip, deflate`. This seems to me a bug in the Cloudflare setup. They have
probably just forgotten that there are still folks out there using ESR 45
and are exposed to the CAPTCHAs.
We can't fix that easily on our side as not sending the Brotli support was
explicitely done for ESR 45:
https://bugzilla.mozilla.org/show_bug.cgi?id=1254411 as backporting a
security fix was deemed too risky.
I hope to get hold of some Cloudflare folks this week who might be able to
check at least whether that is really a Cloudflare bug.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21749#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list