Asset canisters deployed under dfx >=0.13.1 responds with error for a request that has arbitrary characters in query string.
For example request with a query ?foo=%7B%22a%22%3A1%7D (which is the result of serialized state encodeURIComponent(JSON.stringify({a:1}))) leads to error:
“Response verification failed” on service worker “*.ic0.app” domain
“Body does not pass verification” on “*.raw.ic0.app” domain
As I understand double quote " is the cause of the error.
Even InternetIdentity website fails to load using url https://identity.ic0.app/?state=a%22s
The issue was that response verification currently was decoding the entire URL as a whole, what happened is that for these cases it would break the format for the URI when you have and encoded query string.
I’ve created a PR with a fix for that, i’ll post here again once we’ve released it.
There is a strange bug that is blocking me that could possibly be related.
When I try to use caching, I can spam the /health endpoint and it works fine. However, as soon as I try to hit the /.well-known/jwks.json endpoint, the first response works (not cached), but subsequent requests fail with “Body does not pass certification”. THEN, if I go back and try the ‘/health’ endpoint again it also fails now with the same error. If I wait long enough for cache to reset, I can repeat the sequence.
It seems like maybe an issue with URIs that have a ‘.’ in them?
Been looking into this more and I think it’s actually a problem with some dependencies or versions. It looks like no matter what the second route is it will break the cache. I’ve run the Motoko Http Server from the repo and it works fine but it fails in my project for some reason. Will keep debugging later.
Edit:
It ended up being a bug in the sha2 library. I upgraded to the latest (0.1.6) and it started working.