-
Notifications
You must be signed in to change notification settings - Fork 9
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Test the instance before showing it public #13
Comments
I had checked the instance upon your report earlier today and had gotten these errors as well, but at the time of this reply the issue seems to have gone away again. That host uses cloudflare and so I suspect that this was the cause of the glitch and not something that the underlying host did wrong. A test for the SRI-hashes can of course be implemented, but we should consider the following:
Would you have any additional suggestions or further ideas beyond these points? |
For me it's not
You're right, paste.jacl.tech use cloudflare and has the problem! Some are indicated as online (nopaste.xyz), has cloudflare, and return "Internal Server error" :(
It can be good to have this kind of process, "if SRI check fails during full check" => put a var saying that, and when "checks in between the full checks" appears, it do not test it and put it as offline because he has the var saying "SRI check failed" |
paste.jacl.tech seems to have that cloudflare issue with the SRI hashes, for me. That would be detected with the SRI check. What is weird though is that in the first requests the hashes are correct and then they fail in all subsequent requests and disabling the cache in the browser doesn't work around it. I'm really annoyed with cloudflare and the issues they cause for users of our software. nopaste.xyz doesn't have an issue with SRI hashes, but regardless what I paste, there is always an error storing the paste (error 500 in the POST request to the API). This is something serverside that the server admin has to analyse in their web server logs and get fixed. This would not be detected by the SRI check and would require a different kind of check. Basically to be really sure that it works end to end I would almost have to run a full browser stack, saving and retrieving a paste so that all possible error conditions could be detected (JS parsing errors, SRI hash mismatches, storing pastes, retrieving pastes, checking that burn-after-reading ones really get deleted, etc.) - such a thing would be far beyond the scope of this project.
Well, since the SRI check would only run once a day, marking the instance as offline between these daily checks would guarantee it getting deleted the next day as it will be below the 10% threshold: Lines 38 to 39 in 6e162f6
Thank you for your input and pointing me at these not-quite-online cases - I'll think about how I could better detect such semi-working instances (=HTML loads ok, but app non-functional for one reason or other). |
I have the case where you listed the instance privatebin.johnnybegood.fr:
And using it you are in the case "Loading… In case this message never disappears please have a look at this FAQ for information to troubleshoot."
The text was updated successfully, but these errors were encountered: