Details
-
Bug
-
Resolution: Won't Do
-
P2: Important
-
None
-
5.7.0
-
None
-
Arch Linux 64 bits VM
Description
Upon browsing to websites protected by services such as cloudflare, occasionally you receive a javascript challenge which your browser should evaluate and send back to the cloudflare backend (cloudflare "I'm under attack mode"). upon solving it you gain entrance to the website.
It appears that Qt caches old challenges resulting in wrong answers given to cloudflare. Clearing the disk cache causes the problem to resolve temporarily.
The reply from the site contain the following headers:
HTTP/1.1 503 Service Temporarily Unavailable
Date: Tue, 23 Aug 2016 09:23:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: __cfduid=df1fbdc06b91a16fa61664d8adb3beb131471944197; expires=Wed, 23-Aug-17 09:23:17 GMT; path=/; domain=.abusewith.us; HttpOnly
X-Frame-Options: SAMEORIGIN
Cache-Control: no-cache
Server: cloudflare-nginx
CF-RAY: 2d6d81436b5e3bf3-CDG
An example of a site where this is easily reproduced:
http://abusewith.us
EDIT:
I've noticed that I can more easily reproduce this when I do the following:
browse to a site such as the one above and go through the challenge.
Clearing the cookies and trying to browse to said page once again.