Why is Internet Explorer 11 not decrypting this javascript?
Recently, an IE update seems to have broken some of our onboard device customization programs.
The embedded device has very limited space, so we pre-gzip all of our large resources and use Content-Encoding to tell the browser that it should decompress the resource. This has always worked well in IE before, and works great in Firefox and Chrome today. Obviously browsers that don't support gzip won't work, but they are rare enough that we don't worry about them.
It seems that IE is making a JavaScript request and trying to evaluate the actual gzip bytes instead of gunzipping them and evaluating the resulting characters, which are JavaScript code.
I've looked at the requests in wireshark and mitmproxy and nothing seems too out of the ordinary. Here are the request and headers that IE is sending (recorded with mitmproxy):
GET /extall.js.gz HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: http://10.242.2.10:3001/index.htm
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: 10.242.2.10:3001
DNT: 1
Connection: Keep-Alive
Cache-Control: no-cache
And here is the response data, with a body (gzipped data).
HTTP/1.0 200 OK
Date: Wed, 27 Aug 2014 19:12:54 GMT
Server: Foo
Content-type: text/javascript; charset=utf-8
Content-Encoding: gzip
Content-Length: 203228
...
For what it's worth, I hacked up the basic test case illustrated by the headers above with only some Perl code, because messing around with hardware is a problem. As far as I can tell, the easiest way to trigger the IE problem is to set the Content-Encoding header to gzip and just gzip the body ahead of time, instead of using the usual mod_deflate or whatever.
NOTE: IE is asking for application/javascript. I changed our content type to capitulate and it doesn't help.
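One way to rebuild the test case described in the question and check that the bytes on the wire are self-consistent before blaming the browser, as an added example that is not part of the original post or its Perl code. The function names are hypothetical and the JavaScript body is constructed sample data; the response headers are the ones shown in the capture above.

```python
import gzip
import zlib

GZIP_MAGIC = b"\x1f\x8b"

def build_response(js_source: bytes) -> bytes:
    """Pre-gzip the body and emit the same response headers as the capture."""
    body = gzip.compress(js_source)
    head = (
        "HTTP/1.0 200 OK\r\n"
        "Server: Foo\r\n"
        "Content-type: text/javascript; charset=utf-8\r\n"
        "Content-Encoding: gzip\r\n"
        f"Content-Length: {len(body)}\r\n"
        "\r\n"
    ).encode("ascii")
    return head + body

def check_response(raw: bytes) -> list:
    """Return the problems found in a raw HTTP response; empty means consistent."""
    problems = []
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        return ["no header/body separator"]
    headers = {}
    for line in head.split(b"\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    if headers.get(b"content-encoding", b"").lower() != b"gzip":
        problems.append("Content-Encoding is not gzip")
    declared = headers.get(b"content-length")
    if declared is None or not declared.isdigit() or int(declared) != len(body):
        problems.append("Content-Length does not match body size")
    if not body.startswith(GZIP_MAGIC):
        problems.append("body does not start with gzip magic 1f 8b")
        return problems
    d = zlib.decompressobj(wbits=31)  # 31 = expect a gzip header and trailer
    try:
        d.decompress(body)
    except zlib.error as exc:
        problems.append(f"gzip stream is corrupt: {exc}")
        return problems
    if not d.eof:
        problems.append("gzip stream is truncated")
    elif d.unused_data:
        problems.append("trailing bytes after gzip stream")
    return problems
```

Feeding `check_response` the raw bytes saved from a proxy capture shows whether the declared length, the gzip framing and the stream contents agree with each other.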