New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 784601 link

Starred by 3 users
Status: Untriaged
Owner: ----
Cc:
eustas@chromium.org
mmenke@chromium.org
kenjibaheux@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Windows , Mac
Pri: 3
Type: Bug



Sign in to add a comment

Enable Brotli by default in the Content layer

Project Member Reported by marshall@chromium.org, Nov 13 2017 
Chrome Version: M62, Master revision adb61db1 (#508578)
OS: Windows 10 64-bit

What steps will reproduce the problem?
(1) Load https://yep.video.yahoo.com/js/3/videoplayer-min.js?r=nextgen-desktop&lang=en-US&ypv=prod in an application based on the Content API (not Chromium/Chrome).

What is the expected result?
The URL should load.

What happens instead?
The URL fails to load with ERR_CONTENT_DECODING_FAILED.

Please use labels and text to provide additional information.
Yahoo's server ignores the "Accept-Encoding" value when the "User-Agent" string specifies Chrome (see below).

Starting with  issue #452335  Chrome/Chromium enables Brotli by default from chrome/browser/net/default_network_context_params.cc CreateDefaultNetworkContextParams. We should instead enable Brotli by default from ContentBrowserClient::CreateNetworkContext so that it applies to all Content API-based applications.

This problem is similar in concept to  issue #746421 .

$ curl -v "https://yep.video.yahoo.com/js/3/videoplayer-min.js?r=nextgen-desktop&lang=en-US&ypv=prod" -H "Accept-Encoding:gzip, deflate" -H "User-Agent:Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.0 Safari/537.36" > /dev/null

<deleted lines>
> GET /js/3/videoplayer-min.js?r=nextgen-desktop&lang=en-US&ypv=prod HTTP/1.1
> Host: yep.video.yahoo.com
> Accept: */*
> Accept-Encoding:gzip, deflate
> User-Agent:Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.0 Safari/537.36
>
< HTTP/1.1 200 OK
< X-Frame-Options: SAMEORIGIN
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< X-Powered-By: Express
< Cache-Control: private, max-age=600
< Content-Type: text/javascript; charset=utf-8
< ETag: W/"d9944-bZZ3vnMSH6ehfe5xIlnFyOchuYo"
< x-mh2-env: videoplayer.yep;yep-appproductionbf1;prod_bf1_1;650361ca-c5a7-11e7-a1d9-d4ae5297450a;main
< Date: Mon, 13 Nov 2017 21:44:42 GMT
< Age: 241
< Via: http/1.1 a84.ue.bf1.yahoo.net (ApacheTrafficServer [cSsSfU]), http/1.1 media-ncache19.prod.media.bf1.yahoo.com (ApacheTrafficServer [cMsSf ]), http/1.1 media-ncache19.prod.media.bf1.yahoo.com (ApacheTrafficServer [cRs f ]), http/1.1 media-ncache7.prod.media.bf1.yahoo.com (ApacheTrafficServer [cMsSf ]), http/1.1 media-router18.prod.media.bf1.yahoo.com (ApacheTrafficServer [cRs f ]), http/1.1 e14.ycpi.cha.yahoo.com (ApacheTrafficServer [cMsSf ])
< Server: ATS
< Public-Key-Pins-Report-Only: max-age=2592000; pin-sha256="2oALgLKofTmeZvoZ1y/fSZg7R9jPMix8eVA6DH4o/q8="; pin-sha256="cAajgxHlj7GTSEIzIYIQxmEloOSoJq7VOaxWHfv72QM="; pin-sha256="SVqWumuteCQHvVIaALrOZXuzVVVeS7f4FGxxu6V+es4="; pin-sha256="UZJDjsNp1+4M5x9cbbdflB779y5YRBcV6Z6rBMLIrO4="; pin-sha256="JbQbUG5JMJUoI6brnx0x3vZF6jilxsapbXGVfjhN8Fg="; pin-sha256="lnsM2T/O9/J84sJFdnrpsFp3awZJ+ZZbYpCWhGloaHI="; pin-sha256="h6801m+z8v3zbgkRHpq6L29Esgfzhj89C1SyUCOQmqU="; pin-sha256="SQVGZiOrQXi+kqxcvWWE96HhfydlLVqFr4lQTqI5qqo="; pin-sha256="q5hJUnat8eyv8o81xTBIeB5cFxjaucjmelBPT2pRMo8="; pin-sha256="vPtEqrmtAhAVcGtBIep2HIHJ6IlnWQ9vlK50TciLePs="; pin-sha256="lpkiXF3lLlbN0y3y6W0c/qWqPKC7Us2JM8I7XCdEOCA="; pin-sha256="r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E="; pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="2fRAUXyxl4A1/XHrKNBmc8bTkzA7y4FB/GLJuNAzCqY="; pin-sha256="dolnbtzEBnELx/9lOEQ22e6OZO/QNb6VSSX2XHA3E7A="; includeSubdomains; report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-hpkp-report-only"
< Content-Encoding: br
< Content-Length: 214213
< X-Bypass-Ssl-Transform: 1
< Vary: Accept-Encoding, bucket, X-Yahoo-Dc-Device-Type, X-Yahoo-Dc-Os-Name,X-Ssl
< Connection: keep-alive
<

$ curl -v "https://yep.video.yahoo.com/js/3/videoplayer-min.js?r=nextgen-desktop&lang=en-US&ypv=prod" -H "Accept-Encoding:gzip, deflate" > /dev/null

<deleted lines>
> GET /js/3/videoplayer-min.js?r=nextgen-desktop&lang=en-US&ypv=prod HTTP/1.1
> Host: yep.video.yahoo.com
> User-Agent: curl/7.46.0
> Accept: */*
> Accept-Encoding:gzip, deflate
>
< HTTP/1.1 200 OK
< X-Frame-Options: SAMEORIGIN
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< X-Powered-By: Express
< Cache-Control: private, max-age=600
< Content-Type: text/javascript; charset=utf-8
< ETag: W/"d993b-zIJHyDZpPDsMwWeC6HCZBgELUOs"
< Content-Encoding: gzip
< x-mh2-env: videoplayer.yep;yep-appproductionbf1;prod_bf1_1;65013ee8-c5a7-11e7-a1d9-d4ae5297450a;main
< Date: Mon, 13 Nov 2017 21:49:02 GMT
< Age: 79
< Via: http/1.1 a14.ue.bf1.yahoo.net (ApacheTrafficServer [cMsSfW]), http/1.1 media-ncache19.prod.media.bf1.yahoo.com (ApacheTrafficServer [cSsSfU]), http/1.1 media-ncache19.prod.media.bf1.yahoo.com (ApacheTrafficServer [cHs f ]), http/1.1 media-ncache3.prod.media.bf1.yahoo.com (ApacheTrafficServer [cMsSf ]), http/1.1 media-router61.prod.media.bf1.yahoo.com (ApacheTrafficServer [cMsSfW]), http/1.1 e16.ycpi.cha.yahoo.com (ApacheTrafficServer [cMsSf ])
< Server: ATS
< Public-Key-Pins-Report-Only: max-age=2592000; pin-sha256="2oALgLKofTmeZvoZ1y/fSZg7R9jPMix8eVA6DH4o/q8="; pin-sha256="cAajgxHlj7GTSEIzIYIQxmEloOSoJq7VOaxWHfv72QM="; pin-sha256="SVqWumuteCQHvVIaALrOZXuzVVVeS7f4FGxxu6V+es4="; pin-sha256="UZJDjsNp1+4M5x9cbbdflB779y5YRBcV6Z6rBMLIrO4="; pin-sha256="JbQbUG5JMJUoI6brnx0x3vZF6jilxsapbXGVfjhN8Fg="; pin-sha256="lnsM2T/O9/J84sJFdnrpsFp3awZJ+ZZbYpCWhGloaHI="; pin-sha256="h6801m+z8v3zbgkRHpq6L29Esgfzhj89C1SyUCOQmqU="; pin-sha256="SQVGZiOrQXi+kqxcvWWE96HhfydlLVqFr4lQTqI5qqo="; pin-sha256="q5hJUnat8eyv8o81xTBIeB5cFxjaucjmelBPT2pRMo8="; pin-sha256="vPtEqrmtAhAVcGtBIep2HIHJ6IlnWQ9vlK50TciLePs="; pin-sha256="lpkiXF3lLlbN0y3y6W0c/qWqPKC7Us2JM8I7XCdEOCA="; pin-sha256="r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E="; pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="2fRAUXyxl4A1/XHrKNBmc8bTkzA7y4FB/GLJuNAzCqY="; pin-sha256="dolnbtzEBnELx/9lOEQ22e6OZO/QNb6VSSX2XHA3E7A="; includeSubdomains; report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-hpkp-report-only"
< Content-Length: 245811
< X-Bypass-Ssl-Transform: 1
< Vary: Accept-Encoding, bucket, X-Yahoo-Dc-Device-Type, X-Yahoo-Dc-Os-Name,X-Ssl
< Connection: keep-alive
<

Comment 1 by rdsmith@chromium.org, Nov 14 2017

Cc: eustas@chromium.org mmenke@chromium.org
I don't understand how you get from "Yahoo's server ignores the "Accept-Encoding" value when the "User-Agent" string specifies Chrome (see below)." to "We should instead enable Brotli by default from ContentBrowserClient::CreateNetworkContext so that it applies to all Content API-based applications."  If a server is ignoring Accept-Encoding, that's a buggy server, and one I don't see how changing the enabling down to content would fix.

+mmenke@ for network service configuration issues, +eustas@ for Brotli issues.

Comment 2 by marshall@chromium.org, Nov 14 2017 

@rdsmith: Sorry for the unintentional conflation. The Yahoo server issue is what brought the Brotli configuration setup to my attention. I'm providing it here as an example of why having a different default Brotli configuration for Chrome and Content can be a problem.

We enable Brotli by default for Chrome. Is there some reason why we shouldn't enable it by default for Content as well?

Comment 3 by mmenke@chromium.org, Nov 14 2017 

While it may make sense to enable Brotli by default (Or better:  Remove the ability to disable it), I don't think we should do this as a workaround for a broken servers.  Yahoo's bugginess both makes it more difficult for us to remove/disable the feature if we ever need to, and also means that Yahoo won't use Brotli with third party browsers, which is bad for the web ecosystem.

Sign in to add a comment