I'm working on an application that consumes the Canonical security API. The interaction between the application and the API was working flawlessly from various months (a year, maybe) ago until last week when the API started to respond with a binary payload.
The application is made in C++ and uses libcurl to perform the HTTP queries. And the API URL from where the content is downloaded is https://ubuntu.com/security/cves.json.
IMPORTANT: The binary payload response is not done always, but in a random way. Sometimes the payload has the expected format (JSON) and sometimes it is a binary. Anyway, if I try to download the whole security feed by performing various HTTP queries, it's very likely that one of them will receive the binary payload.
Apparently, the binary payload comes compressed in br format. In the image below, you can see the HTTP headers from the server response: At left, when the payload comes in JSON format, and at right, when the payload comes in binary format.
Summary
I'm working on an application that consumes the Canonical security API. The interaction between the application and the API was working flawlessly from various months (a year, maybe) ago until last week when the API started to respond with a binary payload.
The application is made in C++ and uses
libcurl
to perform the HTTP queries. And the API URL from where the content is downloaded is https://ubuntu.com/security/cves.json.IMPORTANT: The binary payload response is not done always, but in a random way. Sometimes the payload has the expected format (JSON) and sometimes it is a binary. Anyway, if I try to download the whole security feed by performing various HTTP queries, it's very likely that one of them will receive the binary payload.
Apparently, the binary payload comes compressed in
br
format. In the image below, you can see the HTTP headers from the server response: At left, when the payload comes in JSON format, and at right, when the payload comes in binary format.If I try to decompress it with
brotli
, I get:Payload example: outputfile.gz
Process
n/a
Current and expected result
Expected results: Payload always in JSON format.
Current results: Binary payload received in an arbitrary way.