Opened 9 years ago

Closed 8 years ago

#2335 closed defect (fixed)

Can not access embedded Google Map when Google APIs is set to use SSL

Reported by: hheimbuerger
Owned by: pde
Priority: Medium
Component: HTTPS Everywhere/EFF-HTTPS Everywhere

Description

Reproduction steps:

  1. Enable 'Google APIs' in the settings.
  2. Go to http://www.noradsanta.org/en/index.html.

Expected:
An embedded Google Map to appear.

Actual:
A message box with the following text appeared: "The Google Maps API server rejected your request because you do not have permission to use this service over SSL."

Note: I'm using HTTPS-Everywhere 0.9.2 on Firefox 3.6.13, but I don't know how to choose that from the version selector.

Change History (5)

comment:1 Changed 9 years ago by pde

Unfortunately that example site is offline now :(.  Does anyone have a different example site that reproduces the problem?

The Google APIs rule in 0.9.2 is here:

https://gitweb.torproject.org/https-everywhere.git/blob/e37cce4190ef917da568a5033bc525bcb61f8d0d:/src/chrome/content/rules/GoogleAPIs.xml

But I'm really not sure which of those rules would be affecting google maps (as opposed to the development branch, which includes some gstatic rules...)

comment:2 Changed 8 years ago by pde

Status: new → assigned

A subsequent report gave us a clearer repro for this. Go to http://www.redbox.com, and click on "find a redbox".

The HTTPS-E logs are:

Applicable rules for www.google.com:

Google APIs
Google Search
GoogleServices
Google Search
GoogleServices

Rewriting http://www.google.com/jsapi -> https://www.google.com/jsapi

Notifying observers of rewrite from http://www.google.com/jsapi to https://www.google.com/jsapi
Forced URI https://www.google.com/jsapi
Applicable rules for www.google.com:

Google APIs
Google Search
GoogleServices
Google Search
GoogleServices

ruleset_match_c excluded https://www.google.com/jsapi
ruleset_match_c excluded https://www.google.com/jsapi
ruleset_match_c excluded https://www.google.com/jsapi
ruleset_match_c excluded https://www.google.com/jsapi
Got observer topic: http-on-modify-request
Got http-on-modify-request: https://www.google.com/jsapi
Applicable rules for www.google.com:

Google APIs
Google Search
GoogleServices
Google Search
GoogleServices

ruleset_match_c excluded https://www.google.com/jsapi
ruleset_match_c excluded https://www.google.com/jsapi
ruleset_match_c excluded https://www.google.com/jsapi
ruleset_match_c excluded https://www.google.com/jsapi
Got replace channel with no applicable rules for URI https://www.google.com/jsapi
Got observer topic: http-on-examine-response
Got http-on-examine-response
Cookie hunting in http://fls.doubleclick.net/activityi;src=2572656;type=actio548;cat=finda697;ord=1874473871463.4956?
Applicable rules for 29.xg4ken.com:
Applicable rules for 29.xg4ken.com:
Got observer topic: http-on-modify-request
Got http-on-modify-request: http://29.xg4ken.com/media/getpx.php?cid=94344318-d114-44a4-86c6-063ddfad74fb
Applicable rules for 29.xg4ken.com:
Got replace channel with no applicable rules for URI http://29.xg4ken.com/media/getpx.php?cid=94344318-d114-44a4-86c6-063ddfad74fb
Got observer topic: http-on-examine-response
Got http-on-examine-response
Cookie hunting in http://www.redbox.com/gen2.4.0/Content/themes/rb/images/red-primary-hover.png
Got observer topic: http-on-examine-response
Got http-on-examine-response
Cookie hunting in http://www.redbox.com/gen2.4.0/Content/themes/rb/images/bg_lines.png
Got observer topic: http-on-examine-response
Got http-on-examine-response
Cookie hunting in http://static.ak.fbcdn.net/connect/xd_proxy.php#cb=f38d7716b39ad8e&origin=http%3A%2F%2Fwww.redbox.com%2Ff1b17bd9cd988f6&relation=parent.parent&transport=postmessage&type=resize&height=30
Got observer topic: http-on-modify-request
Got http-on-modify-request: http://ocsp.thawte.com/
Applicable rules for ocsp.thawte.com:
Got replace channel with no applicable rules for URI http://ocsp.thawte.com/
Got observer topic: http-on-examine-response
Got http-on-examine-response
Cookie hunting in http://metrics.redbox.com/b/ss/rboxmainprod/1/H.20.3/s02585982923853?AQB=1&ndh=1&t=23/1/2011%2012%3A1%3A36%203%20480&vmt=4A821418&ns=redbox&pageName=FR%3A%20Location%20Search&g=http%3A//www.redbox.com/&cc=USD&c1=Find%20A%20Redbox&c2=FR%3A%20Location%20Search&v8=Not%20Logged%20In&c9=Not%20Logged%20In%3A%20FR%3A%20Location%20Search&c11=Not%20Logged%20In&v25=SiteTest2.0-B&s=1680x1050&c=24&j=1.7&v=N&k=Y&bw=1678&bh=907&p=Shockwave%20Flash%3B&AQE=1
Got observer topic: http-on-examine-response
Got http-on-examine-response
Cookie hunting in http://29.xg4ken.com/media/getpx.php?cid=94344318-d114-44a4-86c6-063ddfad74fb
Got onChannelRedirect.
Applicable rules for 29.xg4ken.com:
Got replace channel with no applicable rules for URI http://29.xg4ken.com/media/general.js
Got observer topic: http-on-modify-request
Got http-on-modify-request: http://29.xg4ken.com/media/general.js
Applicable rules for 29.xg4ken.com:
Got replace channel with no applicable rules for URI http://29.xg4ken.com/media/general.js
Got observer topic: http-on-examine-response
Got http-on-examine-response
Cookie hunting in http://29.xg4ken.com/media/general.js
Applicable rules for 29.xg4ken.com:
Applicable rules for 29.xg4ken.com:
Got observer topic: http-on-modify-request
Got http-on-modify-request: http://29.xg4ken.com/media/redir.php?track=1&id=94344318-d114-44a4-86c6-063ddfad74fb&type=storeloc&val=0.0&orderId=1874473871463.4956&promoCode=&valueCurrency=USD&ref=http://www.redbox.com/
Applicable rules for 29.xg4ken.com:
Got replace channel with no applicable rules for URI http://29.xg4ken.com/media/redir.php?track=1&id=94344318-d114-44a4-86c6-063ddfad74fb&type=storeloc&val=0.0&orderId=1874473871463.4956&promoCode=&valueCurrency=USD&ref=http://www.redbox.com/
Applicable rules for redbox.postclickmarketing.com:
Applicable rules for redbox.postclickmarketing.com:
Got observer topic: http-on-modify-request
Got http-on-modify-request: http://redbox.postclickmarketing.com/Outside/Tag.ashx?tag=RBX_Results
Applicable rules for redbox.postclickmarketing.com:
Got replace channel with no applicable rules for URI http://redbox.postclickmarketing.com/Outside/Tag.ashx?tag=RBX_Results
Got observer topic: http-on-examine-response
Got http-on-examine-response
Cookie hunting in http://ocsp.thawte.com/
Got observer topic: http-on-examine-response
Got http-on-examine-response
Cookie hunting in http://redbox.postclickmarketing.com/Outside/Tag.ashx?tag=RBX_Results
Got observer topic: http-on-examine-response
Got http-on-examine-response
Cookie hunting in https://www.google.com/jsapi
Exception hunting Set-Cookie in headers: [Exception... "Component returned failure code: 0x80040111 (NS_ERROR_NOT_AVAILABLE) [nsIHttpChannel.getResponseHeader]" nsresult: "0x80040111 (NS_ERROR_NOT_AVAILABLE)" location: "JS frame :: chrome://https-everywhere/content/code/HTTPS.js :: anonymous :: line 160" data: no]
Applicable rules for maps-api-ssl.google.com:

Google Search
GoogleServices

ruleset_match_c excluded https://maps-api-ssl.google.com/maps/api/js?key=notsupplied&v=3.x&sensor=true&callback=google.loader.callbacks.maps
ruleset_match_c excluded https://maps-api-ssl.google.com/maps/api/js?key=notsupplied&v=3.x&sensor=true&callback=google.loader.callbacks.maps
Applicable rules for maps-api-ssl.google.com:

Google Search
GoogleServices

ruleset_match_c excluded https://maps-api-ssl.google.com/maps/api/js?key=notsupplied&v=3.x&sensor=true&callback=google.loader.callbacks.maps
ruleset_match_c excluded https://maps-api-ssl.google.com/maps/api/js?key=notsupplied&v=3.x&sensor=true&callback=google.loader.callbacks.maps
Got observer topic: http-on-modify-request
Got http-on-modify-request: https://maps-api-ssl.google.com/maps/api/js?key=notsupplied&v=3.x&sensor=true&callback=google.loader.callbacks.maps
Applicable rules for maps-api-ssl.google.com:

Google Search
GoogleServices

ruleset_match_c excluded https://maps-api-ssl.google.com/maps/api/js?key=notsupplied&v=3.x&sensor=true&callback=google.loader.callbacks.maps
ruleset_match_c excluded https://maps-api-ssl.google.com/maps/api/js?key=notsupplied&v=3.x&sensor=true&callback=google.loader.callbacks.maps
Got replace channel with no applicable rules for URI https://maps-api-ssl.google.com/maps/api/js?key=notsupplied&v=3.x&sensor=true&callback=google.loader.callbacks.maps
Got observer topic: http-on-examine-response
Got http-on-examine-response
Cookie hunting in http://29.xg4ken.com/media/redir.php?track=1&id=94344318-d114-44a4-86c6-063ddfad74fb&type=storeloc&val=0.0&orderId=1874473871463.4956&promoCode=&valueCurrency=USD&ref=http://www.redbox.com/
Got observer topic: http-on-examine-response
Got http-on-examine-response
Cookie hunting in https://maps-api-ssl.google.com/maps/api/js?key=notsupplied&v=3.x&sensor=true&callback=google.loader.callbacks.maps
Exception hunting Set-Cookie in headers: [Exception... "Component returned failure code: 0x80040111 (NS_ERROR_NOT_AVAILABLE) [nsIHttpChannel.getResponseHeader]" nsresult: "0x80040111 (NS_ERROR_NOT_AVAILABLE)" location: "JS frame :: chrome://https-everywhere/content/code/HTTPS.js :: anonymous :: line 160" data: no]

comment:3 Changed 8 years ago by pde

It's the google.com/jsapi redirect that was causing the trouble above. This is now fixed in git, at the possible expense of some other uses of jsapi becoming less secure?
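
One way to pull that signal out of a long HTTPS-E log, as an added example that is not part of the ticket or of the HTTPS Everywhere code base: list the rewrites the extension performed, then the HTTPS requests that appeared afterwards without being the target of any rewrite. The two line formats are taken from the log in comment:2; the sample log is a constructed excerpt, the function names are hypothetical, and "seen after a rewrite" is a triage heuristic, not proof of cause.

```python
import re
from urllib.parse import urlsplit

# Constructed excerpt in the log format shown in comment:2.
SAMPLE_LOG = """\
Rewriting http://www.google.com/jsapi -> https://www.google.com/jsapi
Got http-on-modify-request: https://www.google.com/jsapi
Got http-on-modify-request: http://29.xg4ken.com/media/general.js
Got http-on-modify-request: https://maps-api-ssl.google.com/maps/api/js?key=notsupplied&v=3.x&sensor=true&callback=google.loader.callbacks.maps
Got http-on-modify-request: https://maps-api-ssl.google.com/maps/api/js?key=notsupplied&v=3.x&sensor=true&callback=google.loader.callbacks.maps
Got http-on-modify-request: http://ocsp.thawte.com/
"""

REWRITE = re.compile(r"^Rewriting (\S+) -> (\S+)$")
REQUEST = re.compile(r"^Got http-on-modify-request: (\S+)$")


def triage(log_text):
    """Return (rewrites, followups) from an HTTPS-E debug log.

    rewrites:  unique (from_url, to_url) pairs the extension rewrote.
    followups: unique HTTPS requests seen after the first rewrite that are
               not themselves the target of a rewrite, i.e. the page or a
               script asked for HTTPS on its own. Heuristic only.
    """
    rewrites, followups, targets = [], [], set()
    for raw in log_text.splitlines():
        line = raw.strip()
        m = REWRITE.match(line)
        if m:
            pair = (m.group(1), m.group(2))
            if pair not in rewrites:
                rewrites.append(pair)
            targets.add(m.group(2))
            continue
        m = REQUEST.match(line)
        if not m or not rewrites:
            continue  # not a request line, or nothing has been rewritten yet
        url = m.group(1)
        if (urlsplit(url).scheme == "https"
                and url not in targets and url not in followups):
            followups.append(url)
    return rewrites, followups


def hosts(urls):
    """Distinct hostnames of the given URLs, sorted."""
    return sorted({urlsplit(u).hostname for u in urls})


if __name__ == "__main__":
    rw, fu = triage(SAMPLE_LOG)
    print("rewrites:", rw)
    print("unrewritten HTTPS hosts:", hosts(fu))
```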

comment:4 Changed 8 years ago by pde

Actually this "fix" only went out in the development releases. Stable has still had this issue, although it isn't clear if it's still present or has been addressed somewhere at Google (Redbox is no longer a repro example, but it isn't clear if that's because they're now paying the https premium or whether the bug has simply been fixed).

comment:5 Changed 8 years ago by pde

Resolution: fixed
Status: assigned → closed

I'm going to close this. If anyone sees it again, please reopen.