Rails server error with strange symbols in requests.accepts: "[\"\\xE2\\x80\\x8B/\\xE2\\x80\\x8B\"]"

Question

I routinely like to clean up 500 errors that come through Airbrake. I'm running a Rails 4.2.4 site in production and I get a recurring error which I'm finding quite puzzling.

The error is:

Missing partial shared/_rhs with {:locale=>[:en], :formats=>["\xE2\x80\x8B/\xE2\x80\x8B"], :variants=>[], :handlers=>[:erb, :builder, :raw, :ruby, :coffee, :haml, :jbuilder]}.

Looking at the env section of Airbrake for the error, the related section appears to be:

"action_dispatch.request.accepts": "[\"\\xE2\\x80\\x8B/\\xE2\\x80\\x8B\"]", "action_dispatch.request.content_type": "", "action_dispatch.request.flash_hash": "", "action_dispatch.request.formats": "[\"\\xE2\\x80\\x8B/\\xE2\\x80\\x8B\"]",

It looks like the browser (self-identifying as Chrome) is asking for an unrecognised format, but I have no idea why it would be doing so. It also seems to be asking for just the head.

I can just ignore it, but if anyone has any ideas as to why it occurs in the first place, I would be interested.

The full env (with identifying content items removed) is:

{ "DOCUMENT_ROOT": "[******]", "HTTPS": "on", "HTTP_ACCEPT": "​/​", "HTTP_ACCEPT_ENCODING": "gzip,deflate,sdch", "HTTP_ACCEPT_LANGUAGE": "en-US,en;q=0.8", "HTTP_CACHE_CONTROL": "no-cache", "HTTP_CONNECTION": "keep-alive", "HTTP_HOST": "[******]", "HTTP_PRAGMA": "no-cache", "HTTP_USER_AGENT": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.49 Safari/537.36", "ORIGINAL_FULLPATH": "[******]", "ORIGINAL_SCRIPT_NAME": "", "PASSENGER_APP_ENV": "live", "PASSENGER_APP_TYPE": "rack", "PASSENGER_SHOW_VERSION_IN_HEADER": "false", "PATH_INFO": "[******]", "QUERY_STRING": "", "REMOTE_ADDR": "[******]", "REMOTE_PORT": "47888", "REQUEST_METHOD": "HEAD", "REQUEST_URI": "[******]", "ROUTES_40753200_SCRIPT_NAME": "", "ROUTES_48254480_SCRIPT_NAME": "", "SCGI": "1", "SCRIPT_NAME": "", "SERVER_ADDR": "[******]", "SERVER_NAME": "[******]", "SERVER_PORT": "443", "SERVER_PROTOCOL": "HTTP/1.1", "SERVER_SOFTWARE": "nginx/1.6.0", "action_dispatch.cookies_digest": "", "action_dispatch.cookies_serializer": "", "action_dispatch.parameter_filter": "[\"password\"]", "action_dispatch.redirect_filter": "[]", "action_dispatch.remote_ip": "[******]", "action_dispatch.request.accepts": "[\"\\xE2\\x80\\x8B/\\xE2\\x80\\x8B\"]", "action_dispatch.request.content_type": "", "action_dispatch.request.flash_hash": "", "action_dispatch.request.formats": "[\"\\xE2\\x80\\x8B/\\xE2\\x80\\x8B\"]", "action_dispatch.request.parameters": { "action": "show_by_tag_and_slug", "controller": "[******]", "slug": "[******]", "tag": "[******]" }, "action_dispatch.request.path_parameters": { "action": "show_by_tag_and_slug", "controller": "[******]", "slug": "[******]", "tag": "[******]" }, "action_dispatch.request.query_parameters": "", "action_dispatch.request.request_parameters": "", "action_dispatch.request_id": "f120141c-58e6-4429-ad98-1ab352f1c7ce", "action_dispatch.show_detailed_exceptions": "false", "action_dispatch.show_exceptions": "true", "newrelic.transaction_started": "true", "preview_manager": "#<Preview::Manager:0x007fa334e8eca0>", "rack.hijack": "#<Proc:0x007fa34ee79020@/home/release/.rvm/gems/ruby-2.2.2/gems/passenger-4.0.53/lib/phusion_passenger/rack/thread_handler_extension.rb:69 (lambda)>", "rack.hijack?": "true", "rack.multiprocess": "true", "rack.multithread": "false", "rack.request.query_hash": "", "rack.request.query_string": "", "rack.run_once": "false", "rack.url_scheme": "https", "rack.version": "[\"1\", \"2\"]", "warden": "Warden::Proxy:70169690063580 @config={:default_scope=>:user, :scope_defaults=>{}, :default_strategies=>{:user=>[:rememberable, :database_authenticatable]}, :intercept_401=>false, :failure_app=>#<Devise::Delegator:0x00000004e859a0>}" }

Answer 1

The characters \xE2\x80\x8B seem to be the zero-width space character in Unicode. That's why, if you paste the string to ruby console, you'll get the following:

"\xE2\x80\x8B/\xE2\x80\x8B"
# => "​/​"

I.e. seemingly just the slash / but actually surrounded by two zero-width spaces. I have no clue why a browser would send such characters in the Accepts header, it might be a bug in the browser or even some kind of an attack...