Opened 6 years ago

Last modified 2 years ago

#11868 new defect

Craigslist not displaying https Pictures

Reported by: RangerXus Owned by: zyan
Priority: High Milestone:
Component: HTTPS Everywhere/EFF-HTTPS Everywhere Version: HTTPS-E 3.4.3
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

I'm running FF 24 and HTTPS Everywhere 3.4.2. I have FF set to not display any mixed content (active or passive content). If I browse Craigslist with a HTTPS session and browse ads, the pictures for the ad are displayed from an HTTPS link with no problem. If I upgrade to any newer version of HTTPS Everywhere then the pictures are not displayed because their links now show as HTTP. The Craigslist rule in all version is the same so it must not be a rule problem. I notice the change log says with version 3.4.3 "Deprecate the ContentPolicy API, fixing a crash bug lurking since Firefox 20". Could this have broken something and created my problem? I am staying at 3.4.2 until fixed.

Child Tickets

Change History (5)

comment:1 Changed 6 years ago by zyan

Hmm, is Craigslist is loading images from an external origin? I also don't see any difference in the Craigslist rule from 3.4.2 to 3.4.3, so this seems mysterious.

comment:2 Changed 6 years ago by zyan

Can you give an example of a page where images are blocked?

comment:3 Changed 6 years ago by RangerXus

The pictures being loaded are from https://images.craigslist.org which is the same domain and are stored on the Craigslist site.

The problem occurs on all ads when I upgrade to HTTPS Everywhere 3.4.3 or higher.

If you want I can upgrade to the newest version so it fails and do some Craigslist searches and send you the links. Since version 3.4.2 doesn't fail, I would want to get in a failure situation to ensure the links are bad that I send you (I'm sure they will fail).

Thanks for replying.

comment:4 Changed 6 years ago by RangerXus

I ran a test using HTTPS 3.4.2 and then updated to 3.5.1 and repeated the test. The links for the pics were obtained from the FF Page Info / Media tab.

The ad I tested on is:
https://newyork.craigslist.org/jsy/abo/4462986177.html

$2200 - 800ft² - Luxury 800-sq ft Studio on high floor with NYC views (700 Grove Street)

HTTPS Everywhere 3.5.1
the image is loaded as http so it does not display as it is mixed content:
http://images.craigslist.org/01111_sG3LpL7tL0_600x450.jpg

HTTPS Everywhere 3.4.2
the image is loaded as HTTPS so there is not mixed content:
https://images.craigslist.org/01111_sG3LpL7tL0_600x450.jpg

comment:5 Changed 2 years ago by teor

Severity: Normal

Set all open tickets without a severity to "Normal"

Note: See TracTickets for help on using tickets.