Opened 8 months ago

Last modified 8 months ago

#29119 new defect

Searching after start-up when about:tor is loaded returns "400 Bad Request" sometimes

Reported by: gk Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-regression, tbb-8.0-issues
Cc: mcs, brade Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Some users noted that when doing a search right after start-up it happens sometimes that e.g. Startpage (and I think DuckDuckGo as well) return a "400 Bad Request".

I've been hitting this issue as well and I can reproduce it if I try hard enough (I need less than 10 attempts).

I think that behavior started with Tor Browser 8, thus setting the respective flags.

Comparing Tor Browser logs do not show anything unusual, though, weird.

That's on Linux. Not sure whether other platforms are affected.

Child Tickets

Change History (3)

comment:1 Changed 8 months ago by mcs

FWIW, I was able to reproduce this on macOS 10.13.6 with Tor Browser 8.5a6. It took about 15 attempts, searching DDG via the about:tor search box.

comment:2 Changed 8 months ago by cypherpunks

gk told me to come here from the blog:
https://blog.torproject.org/comment/279574#comment-279574

Linux x64
Tor Browser 8 to now (8.0.5)
TorButton "Safest"
DuckDuckGoOnion

I started to notice it in September 2018 around TBB 8, and it goes on to the present day. I use DuckDuckGoOnion from the URL bar or the broswer's UI search bar. The error "400 Bad Request nginx" usually appears on the first search after starting Tor Browser or a New Identity. When I click a second time, it always goes through ok from that point forward until 1) I reopen Tor Browser or make a New Identity or 2) less often in the same session when I haven't searched in a long time (30-90 minutes I think). While on "Safer," I think the error doesn't appear as often.

I can't speak for Startpage because I do not use it.

I don't know if the following relates, but I received it after successful searches on "Safest" on https://duckduckgo.com/html/ (not the onion) in the webpage UI's search box, not by searching from the URL bar or browser's UI search bar. The page was empty, white, and black text said:

We've detected that you have connected over Tor. There appears to be an issue with the Tor Exit Node you are currently using. Please recreate your Tor circuit or restart your Tor browser in order to fix this. If this error persists, please let us know: error-lite-tor @ duckduckgo.com

comment:3 Changed 8 months ago by cypherpunks

When this happens, you always get:

06:40:20.543 "Handler function threw an exception: [Exception... "Component returned failure code: 0x80040111 (NS_ERROR_NOT_AVAILABLE) [nsIHttpChannelInternal.remoteAddress]"  nsresult: "0x80040111 (NS_ERROR_NOT_AVAILABLE)"  location: "JS frame :: resource://devtools/shared/base-loader.js -> resource://devtools/shared/webconsole/network-monitor.js :: _onResponseHeader :: line 1369"  data: no]
Stack: _onResponseHeader@resource://devtools/shared/base-loader.js -> resource://devtools/shared/webconsole/network-monitor.js:1369:5
_dispatchActivity@resource://devtools/shared/base-loader.js -> resource://devtools/shared/webconsole/network-monitor.js:1011:9
NetworkMonitor.prototype.observeActivity<@resource://devtools/shared/base-loader.js -> resource://devtools/shared/webconsole/network-monitor.js:1073:7
exports.makeInfallible/<@resource://devtools/shared/base-loader.js -> resource://devtools/shared/ThreadSafeDevToolsUtils.js:109:14
Line: 1369, column: 0" 1 ThreadSafeDevToolsUtils.js:88:5
	reportException resource://devtools/shared/ThreadSafeDevToolsUtils.js:88:5
	exports.makeInfallible/< resource://devtools/shared/ThreadSafeDevToolsUtils.js:115:7

HAR:

{
  "log": {
    "version": "1.1",
    "creator": {
      "name": "Firefox",
      "version": "60.5.0"
    },
    "browser": {
      "name": "Firefox",
      "version": "60.5.0"
    },
    "pages": [
      {
        "startedDateTime": "2019-02-04T06:45:51.143+00:00",
        "id": "page_1",
        "title": "About Tor",
        "pageTimings": {
          "onContentLoad": -1549262751143,
          "onLoad": -1549262751143
        }
      }
    ],
    "entries": [
      {
        "pageref": "page_1",
        "startedDateTime": "2019-02-04T06:45:51.143+00:00",
        "request": {
          "bodySize": 0,
          "method": "POST",
          "url": "https://3g2upl4pq6kufc4m.onion/",
          "httpVersion": "",
          "headers": [
            {
              "name": "Host",
              "value": "3g2upl4pq6kufc4m.onion"
            },
            {
              "name": "User-Agent",
              "value": "Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0"
            },
            {
              "name": "Accept",
              "value": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
            },
            {
              "name": "Accept-Language",
              "value": "en-US,en;q=0.5"
            },
            {
              "name": "Accept-Encoding",
              "value": "gzip, deflate, br"
            },
            {
              "name": "Content-Type",
              "value": "application/x-www-form-urlencoded"
            },
            {
              "name": "Content-Length",
              "value": "6"
            },
            {
              "name": "Connection",
              "value": "keep-alive"
            },
            {
              "name": "Upgrade-Insecure-Requests",
              "value": "1"
            }
          ],
          "cookies": [],
          "queryString": [],
          "headersSize": 392
        },
        "response": {
          "status": 0,
          "statusText": "",
          "httpVersion": "",
          "headers": [
            {
              "name": "server",
              "value": "nginx"
            },
            {
              "name": "date",
              "value": "Mon, 04 Feb 2019 06:45:58 GMT"
            },
            {
              "name": "content-type",
              "value": "text/html; charset=UTF-8"
            },
            {
              "name": "content-length",
              "value": "166"
            },
            {
              "name": "strict-transport-security",
              "value": "max-age=0"
            },
            {
              "name": "x-frame-options",
              "value": "SAMEORIGIN"
            },
            {
              "name": "content-security-policy",
              "value": "default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'"
            },
            {
              "name": "x-xss-protection",
              "value": "1;mode=block"
            },
            {
              "name": "x-content-type-options",
              "value": "nosniff"
            },
            {
              "name": "referrer-policy",
              "value": "origin"
            },
            {
              "name": "expect-ct",
              "value": "max-age=0"
            },
            {
              "name": "X-Firefox-Spdy",
              "value": "h2"
            }
          ],
          "cookies": [],
          "content": {
            "mimeType": "text/html; charset=UTF-8",
            "size": 166,
            "text": "<html>\r\n<head><title>400 Bad Request</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>400 Bad Request</h1></center>\r\n<hr><center>nginx</center>\r\n</body>\r\n</html>\r\n"
          },
          "redirectURL": "",
          "bodySize": null
        },
        "cache": {},
        "timings": {
          "blocked": 5448,
          "dns": 0,
          "connect": 3764,
          "ssl": 0,
          "send": 0,
          "wait": 738,
          "receive": 1
        },
        "time": 9951,
        "_securityState": "secure"
      }
    ]
  }
}

I see "httpVersion": "".

Note: See TracTickets for help on using tickets.