Closed MothOnMars closed 1 year ago
tarcieri
commented
1 year ago FWIW I get an SSL verification error from http.rb. It loads in Chrome, though.
403 in particular is pretty strange, since that's a server-side access control error. Is it possible the server is introspecting the request headers?
MothOnMars
commented
1 year ago Anything is possible, as that is a US military domain.
I also get the SSL error on a different machine for both httprb and URI, even after updating my certs:
> HTTP.get('https://www.mhpcc.hpc.mil/').status
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate)
from /Users/marthacthompson/.rvm/gems/ruby-3.0.6@searchgov-rails42/gems/http-5.1.1/lib/http/timeout/null.rb:27:in `connect'Could a cert issue on my original test machine result in 404/403 responses? I can't figure out why httprb and URI would get different statuses on the same machine. FWIW, curling from that machine also succeeds:
$ curl -I https://www.mhpcc.hpc.mil/
HTTP/1.1 200 OK
Date: Wed, 17 May 2023 14:13:15 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Set-Cookie: session=expiry=1684333395524847;Max-Age=600;path=/private;httponly;secure;;HttpOnly;secure
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Cache-Control: no-cache, private
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' puka.mhpcc.hpc.mil; object-src 'self'
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Type: text/html; charset=UTF-8
Set-Cookie: httponly=expiry=1684333395524190;Max-Age=600;secure;HttpOnly;secure
Set-Cookie: httponly=expiry=1684333395524190;Max-Age=600;secure
Set-Cookie: session=expiry=1684333395524847;Max-Age=600;path=/private;httponly;secure;
$ curl -I https://www.mhpcc.hpc.mil/hardware/index.html
HTTP/1.1 200 OK
Date: Wed, 17 May 2023 14:13:40 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Set-Cookie: session=expiry=1684333420678228;Max-Age=600;path=/private;httponly;secure;;HttpOnly;secure
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Cache-Control: no-cache, private
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' puka.mhpcc.hpc.mil; object-src 'self'
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Type: text/html; charset=UTF-8
Set-Cookie: httponly=expiry=1684333420677668;Max-Age=600;secure;HttpOnly;secure
Set-Cookie: httponly=expiry=1684333420677668;Max-Age=600;secure
Set-Cookie: session=expiry=1684333420678228;Max-Age=600;path=/private;httponly;secure;If it were just the SSL error you wouldn't get any status code at all. Is your other machine a Mac by any chance? That's what I was testing on.
MothOnMars
commented
1 year ago Thanks, that's what I figured.
The other machine that is returning the 4xx responses is Ubuntu Linux.
ixti
commented
1 year ago If URI.open works and http.get does not, it most likely server reacts on some request headers. Some that come in mind:
Try using HTTP.use(:auto_inflate).get(...)
MothOnMars
commented
1 year ago Thanks, but the result is the same:
> HTTP.use(:auto_inflate).get('https://www.mhpcc.hpc.mil/').status
=> 404
> HTTP.use(:auto_inflate).get('https://www.mhpcc.hpc.mil/hardware/index.html').status
=> 403As I said earlier, it reacts on some headers. From quick poking in firefox, I was able to make it fail with 404 by removing Accept header. So, I would assume adding that header should help:
HTTP
.headers(accept: "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8")
.user(:auto_infalte)
.get('https://www.mhpcc.hpc.mil/')
.status
Steps:
GETrequest to https://www.mhpcc.hpc.mil/ or https://www.mhpcc.hpc.mil/hardware/index.htmlExpected Results
Actual Results
Notes Detailed logs:
Possibly related to https://github.com/httprb/http/issues/612.