  1. Qt
  2. QTBUG-55456

HTTP response with certain cache control headers is incorrectly cached by QNetworkDiskCache


    Details

    • Type: Bug
    • Status: Reported
    • Priority: P2: Important
    • Resolution: Unresolved
    • Affects Version/s: 5.7.0
    • Fix Version/s: None
    • Component/s: Network: Cache, WebKit
    • Labels:
      None
    • Environment:
      Arch Linux 64 bits VM

      Description

      Upon browsing to websites protected by services such as Cloudflare, occasionally you receive a JavaScript challenge which your browser should evaluate and send back to the Cloudflare backend (Cloudflare "I'm under attack mode"). Upon solving it you gain entrance to the website.
      It appears that Qt caches old challenges, resulting in wrong answers given to Cloudflare. Clearing the disk cache causes the problem to resolve temporarily.

      The reply from the site contains the following headers:

      HTTP/1.1 503 Service Temporarily Unavailable
      Date: Tue, 23 Aug 2016 09:23:17 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: close
      Set-Cookie: __cfduid=df1fbdc06b91a16fa61664d8adb3beb131471944197; expires=Wed, 23-Aug-17 09:23:17 GMT; path=/; domain=.abusewith.us; HttpOnly
      X-Frame-Options: SAMEORIGIN
      Cache-Control: no-cache
      Server: cloudflare-nginx
      CF-RAY: 2d6d81436b5e3bf3-CDG

      An example of a site where this is easily reproduced:
      http://abusewith.us

      EDIT:
      I've noticed that I can more easily reproduce this when I do the following:
      Browse to a site such as the one above and go through the challenge.
      Clear the cookies and try to browse to said page once again.
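
      The report turns on whether a 503 reply carrying `Cache-Control: no-cache` and no validator may be stored and reused. The following added example (not part of the report and not Qt's code) sketches a conservative private-cache decision in plain C++; the `decide` function, the `CacheDecision` enum and the lower-cased header map are assumptions made for illustration.

```cpp
#include <cctype>
#include <map>
#include <set>
#include <sstream>
#include <string>

// Added example: a standalone sketch, not Qt or QNetworkDiskCache code.
enum class CacheDecision { DoNotStore, StoreMustRevalidate, StoreAndReuse };

// Split a Cache-Control value into lower-cased directive names.
// Arguments are dropped, so no-cache="field" is treated as plain no-cache
// (the conservative reading).
static std::set<std::string> directives(const std::string &value) {
    std::set<std::string> out;
    std::stringstream ss(value);
    std::string item;
    while (std::getline(ss, item, ',')) {
        std::string name;
        for (unsigned char c : item) {
            if (c == '=') break;
            if (!std::isspace(c)) name += static_cast<char>(std::tolower(c));
        }
        if (!name.empty()) out.insert(name);
    }
    return out;
}

// headers: lower-cased header name -> value (input shape is an assumption).
CacheDecision decide(int status, const std::map<std::string, std::string> &headers) {
    const auto it = headers.find("cache-control");
    const auto cc = directives(it == headers.end() ? std::string() : it->second);
    if (cc.count("no-store")) return CacheDecision::DoNotStore;
    const bool validator = headers.count("etag") || headers.count("last-modified");
    const bool fresh = cc.count("max-age") || headers.count("expires");
    // Status codes cacheable by default (RFC 7231, section 6.1); 503 is not one.
    static const std::set<int> byDefault = {200, 203, 204, 206, 300, 301,
                                            404, 405, 410, 414, 501};
    if (!fresh && !byDefault.count(status)) return CacheDecision::DoNotStore;
    // no-cache, or no explicit freshness: reuse only after revalidation, which
    // needs a validator. Without one, storing gains nothing (policy choice).
    if (cc.count("no-cache") || !fresh)
        return validator ? CacheDecision::StoreMustRevalidate : CacheDecision::DoNotStore;
    return CacheDecision::StoreAndReuse;
}

// The status and Cache-Control value from the reply quoted in the report.
CacheDecision decideReportedResponse() {
    return decide(503, {{"cache-control", "no-cache"}});
}
```

      Under this policy the quoted reply is never written to disk, so a stale challenge page cannot be replayed on a later visit.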

            People

            • Assignee: richmoore Richard Moore (qtnetwork)
            • Reporter: ddev Yogev Hendel
            • Votes: 0
            • Watchers: 3
