Opened 6 years ago

Closed 4 years ago

#10214 closed defect (fixed)

HTTPS Everywhere Breaks Amazon mp3 Previews

Reported by: atagar Owned by: pde
Priority: Medium Milestone:
Component: HTTPS Everywhere/EFF-HTTPS Everywhere Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Sweet, this has been puzzling me for a while...

Repro Steps:

Platform: Firefox 25.0.1, Ubuntu Ubuntu 12.04.3 LTS with HTTPS Everywhere enabled

  1. Go to any amazon mp3 page, for instance this.
  2. Click either 'Preview all songs' or the play icon next to any song.

Expected:

Sample preview.

Actual:

Fails with 'Error 3'.

This issue is related to the CloudFront rule (disabling that makes the page work).

Cheers! -Damian

PS. On a side note we should rename the HTTPS Everywhere components to be consistent. We have both 'EFF-HTTPS Everywhere' and 'HTTPS Everywhere: Chrome'. They're sorted alphabetically so they should start with the same prefix.

Child Tickets

Change History (4)

comment:1 Changed 6 years ago by atagar

Not sure if it helps, but during the ajax activity for previews it references this - xml response:

<Error><Code>AccessDenied</Code><Message>Access denied</Message></Error>

comment:2 Changed 6 years ago by atagar

Looks like there's a couple other tickets concerning this: #9851 and #9367

comment:3 in reply to:  description Changed 6 years ago by cypherpunks

Replying to atagar:

Chrome 30 and 31 it's broken as well. If you look in the console, you see there are several CORS security errors due to mixed content of some sort. The development amazon rules don't change anything. Works if you disable HTTPS Everywhere extension and reload the page.

XMLHttpRequest cannot load https://www.amazon.com/gp/deal... No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://www.amazon.com' is therefore not allowed access.

comment:4 Changed 4 years ago by cypherpunks

Resolution: fixed
Severity: Normal
Status: newclosed

It looks like the Cloudfront rule is not applied there any longer.

Note: See TracTickets for help on using tickets.