Fallbacks from https to http update checks behave unexpectedly if x-retry-after header is used. |
||
Issue descriptionAn update check initiated by the component updater may fail with Error::ERROR_UPDATE_RETRY_LATER. This is due to throttling of this update check because of a buggy timing implementation. https://codereview.chromium.org/1740333002 introduced a mechanism for the component update checks to fallback from https to http (both with message signing) for reliability reasons. The rub for this change was the fallback must not happen for components which are privacy-sensitive, such as supervised whitelists. Therefore, the component updater creates two buckets of components (the ones which don't require wire privacy, and the ones which do), then it issues two concurrent update checks. The former can use fallbacks, the latter can't. An unrelated feature in the component updater implements a cooldown mechanism for the update checks as a DDOS protection. This feature uses the time between successive requests to rejects requests coming in too "fast". The throttling code misuses the time, and rejects the second request made by the component updater for the privacy-sensitive components.
,
Jan 11
You started fixing this bug over two years ago. Are you still working on it?
,
Jan 14
I don't think so. Switching to assigned. |
||
►
Sign in to add a comment |
||
Comment 1 by sorin@chromium.org
, Sep 12 2016