This repository was archived by the owner on Jan 10, 2019. It is now read-only.
This repository was archived by the owner on Jan 10, 2019. It is now read-only.
California OVR sessions fail in Production #1
Description
CA registration forms submit correctly using the Charles HTTPS Proxy using TLSv1.2 with the TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 cipher over http/1.1
But in local testing on Mac OS X and in production on Heroku the same exact requests fail, with the CAOVR side redirecting back to the form start instead of the second step.
I have found slight differences in the X-Iinfo headers returned by the Incapsula CDN:
working:
X-Iinfo': '3-21072469-21072487 SNNN RT(1522442321719 325) q(0 0 0 0) r(1 1) U6
failed:
X-Iinfo': '4-30959012-30959013 SNNN RT(1522442261045 140) q(0 0 0 0) r(0 0) U6
The first field appears to be a UID, and the third is a timestamp The r(x x) field may be a clue, but I am not sure what it represents.