Can not access embedded Google Map when Google APIs is set to use SSL

Reproduction steps:

1. Enable 'Google APIs' in the settings.
2. Go to http://www.noradsanta.org/en/index.html.

Expected: An embedded Google Map to appear.

Actual: A message box with the following text appeared: "The Google Maps API server rejected your request because you do not have permission to use this service over SSL."

Note: I'm using HTTPS-Everywhere 0.9.2 on Firefox 3.6.13, but I don't know how to choose that from the version selector.

Trac:
Username: hheimbuerger

added component::https everywhere/eff-https everywhere owner::pde priority::medium reporter::hheimbuerger resolution::fixed status::closed type::defect labels

Unfortunately that example site is offline now :(.  Does anyone have a different example site that reproduces the problem?

The Google APIs rule in 0.9.2 is here:

!https://gitweb.torproject.org/https-everywhere.git/blob/e37cce4190ef917da568a5033bc525bcb61f8d0d:/src/chrome/content/rules/GoogleAPIs.xml

But I'm really not sure which of those rules would be affecting google maps (as opposed to the development branch, which includes some gstatic rules...)

A subsequent report gave us a clearer repro for this. Go to http://www.redbox.com, and click on "find a redbox".

The HTTPS-E logs are:

Applicable rules for www.google.com: Google APIs Google Search GoogleServices Google Search GoogleServices Rewriting http://www.google.com/jsapi -> https://www.google.com/jsapi

Notifying observers of rewrite from http://www.google.com/jsapi to https://www.google.com/jsapi Forced URI https://www.google.com/jsapi Applicable rules for www.google.com: Google APIs Google Search GoogleServices Google Search GoogleServices ruleset_match_c excluded https://www.google.com/jsapi ruleset_match_c excluded https://www.google.com/jsapi ruleset_match_c excluded https://www.google.com/jsapi ruleset_match_c excluded https://www.google.com/jsapi Got observer topic: http-on-modify-request Got http-on-modify-request: https://www.google.com/jsapi Applicable rules for www.google.com: Google APIs Google Search GoogleServices Google Search GoogleServices ruleset_match_c excluded https://www.google.com/jsapi ruleset_match_c excluded https://www.google.com/jsapi ruleset_match_c excluded https://www.google.com/jsapi ruleset_match_c excluded https://www.google.com/jsapi Got replace channel with no applicable rules for URI https://www.google.com/jsapi Got observer topic: http-on-examine-response Got http-on-examine-response Cookie hunting in http://fls.doubleclick.net/activityi;src=2572656;type=actio548;cat=finda697;ord=1874473871463.4956? Applicable rules for 29.xg4ken.com: Applicable rules for 29.xg4ken.com: Got observer topic: http-on-modify-request Got http-on-modify-request: http://29.xg4ken.com/media/getpx.php?cid=94344318-d114-44a4-86c6-063ddfad74fb Applicable rules for 29.xg4ken.com: Got replace channel with no applicable rules for URI http://29.xg4ken.com/media/getpx.php?cid=94344318-d114-44a4-86c6-063ddfad74fb Got observer topic: http-on-examine-response Got http-on-examine-response Cookie hunting in http://www.redbox.com/gen2.4.0/Content/themes/rb/images/red-primary-hover.png Got observer topic: http-on-examine-response Got http-on-examine-response Cookie hunting in http://www.redbox.com/gen2.4.0/Content/themes/rb/images/bg_lines.png Got observer topic: http-on-examine-response Got http-on-examine-response Cookie hunting in http://static.ak.fbcdn.net/connect/xd_proxy.php#cb=f38d7716b39ad8e&origin=http%3A%2F%2Fwww.redbox.com%2Ff1b17bd9cd988f6&relation=parent.parent&transport=postmessage&type=resize&height=30 Got observer topic: http-on-modify-request Got http-on-modify-request: http://ocsp.thawte.com/ Applicable rules for ocsp.thawte.com: Got replace channel with no applicable rules for URI http://ocsp.thawte.com/ Got observer topic: http-on-examine-response Got http-on-examine-response Cookie hunting in http://metrics.redbox.com/b/ss/rboxmainprod/1/H.20.3/s02585982923853?AQB=1&ndh=1&t=23/1/2011%2012%3A1%3A36%203%20480&vmt=4A821418&ns=redbox&pageName=FR%3A%20Location%20Search&g=http%3A//www.redbox.com/&cc=USD&c1=Find%20A%20Redbox&c2=FR%3A%20Location%20Search&v8=Not%20Logged%20In&c9=Not%20Logged%20In%3A%20FR%3A%20Location%20Search&c11=Not%20Logged%20In&v25=SiteTest2.0-B&s=1680x1050&c=24&j=1.7&v=N&k=Y&bw=1678&bh=907&p=Shockwave%20Flash%3B&AQE=1 Got observer topic: http-on-examine-response Got http-on-examine-response Cookie hunting in http://29.xg4ken.com/media/getpx.php?cid=94344318-d114-44a4-86c6-063ddfad74fb Got onChannelRedirect. Applicable rules for 29.xg4ken.com: Got replace channel with no applicable rules for URI http://29.xg4ken.com/media/general.js Got observer topic: http-on-modify-request Got http-on-modify-request: http://29.xg4ken.com/media/general.js Applicable rules for 29.xg4ken.com: Got replace channel with no applicable rules for URI http://29.xg4ken.com/media/general.js Got observer topic: http-on-examine-response Got http-on-examine-response Cookie hunting in http://29.xg4ken.com/media/general.js Applicable rules for 29.xg4ken.com: Applicable rules for 29.xg4ken.com: Got observer topic: http-on-modify-request Got http-on-modify-request: http://29.xg4ken.com/media/redir.php?track=1&id=94344318-d114-44a4-86c6-063ddfad74fb&type=storeloc&val=0.0&orderId=1874473871463.4956&promoCode=&valueCurrency=USD&ref=http://www.redbox.com/ Applicable rules for 29.xg4ken.com: Got replace channel with no applicable rules for URI http://29.xg4ken.com/media/redir.php?track=1&id=94344318-d114-44a4-86c6-063ddfad74fb&type=storeloc&val=0.0&orderId=1874473871463.4956&promoCode=&valueCurrency=USD&ref=http://www.redbox.com/ Applicable rules for redbox.postclickmarketing.com: Applicable rules for redbox.postclickmarketing.com: Got observer topic: http-on-modify-request Got http-on-modify-request: http://redbox.postclickmarketing.com/Outside/Tag.ashx?tag=RBX_Results Applicable rules for redbox.postclickmarketing.com: Got replace channel with no applicable rules for URI http://redbox.postclickmarketing.com/Outside/Tag.ashx?tag=RBX_Results Got observer topic: http-on-examine-response Got http-on-examine-response Cookie hunting in http://ocsp.thawte.com/ Got observer topic: http-on-examine-response Got http-on-examine-response Cookie hunting in http://redbox.postclickmarketing.com/Outside/Tag.ashx?tag=RBX_Results Got observer topic: http-on-examine-response Got http-on-examine-response Cookie hunting in https://www.google.com/jsapi Exception hunting Set-Cookie in headers: [Exception... "Component returned failure code: 0x80040111 (NS_ERROR_NOT_AVAILABLE) [nsIHttpChannel.getResponseHeader]" nsresult: "0x80040111 (NS_ERROR_NOT_AVAILABLE)" location: "JS frame :: chrome://https-everywhere/content/code/HTTPS.js :: anonymous :: line 160" data: no] Applicable rules for maps-api-ssl.google.com: Google Search GoogleServices ruleset_match_c excluded https://maps-api-ssl.google.com/maps/api/js?key=notsupplied&v=3.x&sensor=true&callback=google.loader.callbacks.maps ruleset_match_c excluded https://maps-api-ssl.google.com/maps/api/js?key=notsupplied&v=3.x&sensor=true&callback=google.loader.callbacks.maps Applicable rules for maps-api-ssl.google.com: Google Search GoogleServices ruleset_match_c excluded https://maps-api-ssl.google.com/maps/api/js?key=notsupplied&v=3.x&sensor=true&callback=google.loader.callbacks.maps ruleset_match_c excluded https://maps-api-ssl.google.com/maps/api/js?key=notsupplied&v=3.x&sensor=true&callback=google.loader.callbacks.maps Got observer topic: http-on-modify-request Got http-on-modify-request: https://maps-api-ssl.google.com/maps/api/js?key=notsupplied&v=3.x&sensor=true&callback=google.loader.callbacks.maps Applicable rules for maps-api-ssl.google.com: Google Search GoogleServices ruleset_match_c excluded https://maps-api-ssl.google.com/maps/api/js?key=notsupplied&v=3.x&sensor=true&callback=google.loader.callbacks.maps ruleset_match_c excluded https://maps-api-ssl.google.com/maps/api/js?key=notsupplied&v=3.x&sensor=true&callback=google.loader.callbacks.maps Got replace channel with no applicable rules for URI https://maps-api-ssl.google.com/maps/api/js?key=notsupplied&v=3.x&sensor=true&callback=google.loader.callbacks.maps Got observer topic: http-on-examine-response Got http-on-examine-response Cookie hunting in http://29.xg4ken.com/media/redir.php?track=1&id=94344318-d114-44a4-86c6-063ddfad74fb&type=storeloc&val=0.0&orderId=1874473871463.4956&promoCode=&valueCurrency=USD&ref=http://www.redbox.com/ Got observer topic: http-on-examine-response Got http-on-examine-response Cookie hunting in https://maps-api-ssl.google.com/maps/api/js?key=notsupplied&v=3.x&sensor=true&callback=google.loader.callbacks.maps Exception hunting Set-Cookie in headers: [Exception... "Component returned failure code: 0x80040111 (NS_ERROR_NOT_AVAILABLE) [nsIHttpChannel.getResponseHeader]" nsresult: "0x80040111 (NS_ERROR_NOT_AVAILABLE)" location: "JS frame :: chrome://https-everywhere/content/code/HTTPS.js :: anonymous :: line 160" data: no]

Trac:
Actualpoints: N/A to N/A
Points: N/A to N/A
Status: new to assigned

It's the google.com/jsapi redirect that was causing the trouble above. This is now fixed in git, at the possible expense of some other uses of jsapi becoming less secure?

Actually this "fix" only went out in the development releases. Stable has still had this issue, although it isn't clear if it's still present or has been addressed somewhere at Google (Redbox is no longer a repro example, but it isn't clear if that's because they're now paying the https premium or whether the bug has simply been fixed).

I'm going to close this. If anyone sees it again, please reopen.

Trac:
Resolution: N/A to fixed
Status: assigned to closed

closed

moved to tpo/applications/https-everywhere-eff#2335 (closed)