[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #21749 [Applications/Tor Browser]: bitcoin.de
#21749: bitcoin.de
-------------------------------------------------+-------------------------
Reporter: globos | Owner: tbb-
| team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-usability-website, ff52-esr- | Actual Points:
will-have |
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Changes (by gk):
* keywords: tbb-usability-website, ff52-esr => tbb-usability-website, ff52
-esr-will-have
Comment:
So, this works in a Firefox 52 based Tor Browser because there you get
redirected differently. More importantly, you get the usual Cloudflare
experience (that is a CAPTCHA is greeting you) and after solving that one
you proceed to the properly working bitcoin page.
Now, the reason for the different redirect is that the ESR 52 sends:
`Accept-Encoding: gzip, deflate, br` and the ESR 45 just `Accept-Encoding:
gzip, deflate`. This seems to me a bug in the Cloudflare setup. They have
probably just forgotten that there are still folks out there using ESR 45
and are exposed to the CAPTCHAs.
We can't fix that easily on our side as not sending the Brotli support was
explicitely done for ESR 45:
https://bugzilla.mozilla.org/show_bug.cgi?id=1254411 as backporting a
security fix was deemed too risky.
I hope to get hold of some Cloudflare folks this week who might be able to
check at least whether that is really a Cloudflare bug.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21749#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs