Opened 7 years ago

Closed 7 years ago

#7000 closed defect (fixed)

Amazon AWS ruleset breaks some Amazon.com audio previews.

Reported by: jph6ttor Owned by: pde
Priority: Medium Milestone:
Component: HTTPS Everywhere/EFF-HTTPS Everywhere Version:
Severity: Keywords:
Cc: jph@…, dtauerbach Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

HTTPS Everywhere for Chrome is preventing song previews from playing on Amazon.

Try this link in Chrome:
http://www.amazon.com/MP3-Music-Download/

If I disable HTTPS Everywhere for Chrome the preview will play.

Note that this issue seems to be unique to the Chrome version of the extension. HTTPS Everywhere for Firefox does NOT interfere with song previews.

Child Tickets

Change History (7)

comment:1 Changed 7 years ago by pde

Resolution: worksforme
Status: newclosed

That link is a 404 for me. I can play Amazon song previews in Chrome with HTTPS Everywhere 2012.9.21, for instance on this page:

http://www.amazon.com/What-We-Saw-Cheap-Seats/dp/B007MDQW3W/ref=sr_1_2

Tagging "worksforme" for the moment, but please reopen if you have more examples that I can try to reproduce with.

comment:2 Changed 7 years ago by jph6ttor

Resolution: worksforme
Status: closedreopened

comment:3 Changed 7 years ago by jph6ttor

Note that the link you provided:
http://www.amazon.com/What-We-Saw-Cheap-Seats/dp/B007MDQW3W/ref=sr_1_2

With HTTPS Everywhere for Chrome disabled I can play the preview.

With HTTPS Everywhere for Chrome enabled I am prompted to save an M3U file.

comment:4 Changed 7 years ago by pde

Cc: dtauerbach added
Summary: HTTPS Everywhere for Chrome is preventing Amazon music previews from playingAmazon AWS ruleset breaks some Amazon.com audio previews.

Okay, with your Bruce Springsteen link I can reproduce this in both Firefox and Chrome. It seems to be the AWS ruleset that's covering it.

There is an additional bug in the Chrome version surfacing here, which is that the AWS, Akamai, and CloudFront rulesets aren't appearing in the context menu, even though they do on that page in Firefox. CC'ing Dan to see if he has any opinions on that.

comment:5 Changed 7 years ago by pde

Okay this looks like the problematic request:

{{{https://amazon-zg.s3.amazonaws.com/mp3logger.gif?event=onPlayerInit&sessionId=176-9183208-3548145

GET /mp3logger.gif?event=onPlayerInit&sessionId=176-9183208-3548145 HTTP/1.1
Host: amazon-zg.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:15.0) Gecko/20100101 Firefox/15.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: https://images-na.ssl-images-amazon.com/images/G/01/zeitgeist/mp3player/swf/zgMp3Player-1.0._V212274098_.swf

HTTP/1.1 403 Forbidden
x-amz-request-id: A4029C8B8A3D125D
x-amz-id-2: Ay7FgDlEmtbYeDP/8P98kbabGkRGktxzQM3Fu4QkkyEi1PgFV64zaO0xx5YFPYVY
Content-Type: application/xml
Transfer-Encoding: chunked
Date: Thu, 04 Oct 2012 19:54:46 GMT
Server: AmazonS3}}}

comment:6 Changed 7 years ago by pde

Excluding that URL doesn't seem to be enough, because requesting mp3logger.gif via HTTP causes the Referrer to disappear, and it still 403s.

comment:7 Changed 7 years ago by pde

Resolution: fixed
Status: reopenedclosed
Note: See TracTickets for help on using tickets.