[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #14120 [EFF-HTTPS Everywhere]: Akamai ruleset breaks steamcommunity.com in plaintext HTTP

Subject: Re: [tor-bugs] #14120 [EFF-HTTPS Everywhere]: Akamai ruleset breaks steamcommunity.com in plaintext HTTP
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Tue, 06 Jan 2015 09:19:15 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 06 Jan 2015 04:19:25 -0500
In-reply-to: <051.5b2a51c945c5921dd0462b4a77e4b1ec@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <051.5b2a51c945c5921dd0462b4a77e4b1ec@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#14120: Akamai ruleset breaks steamcommunity.com in plaintext HTTP
--------------------------------------+-----------------
     Reporter:  cypherpunks           |      Owner:
         Type:  defect                |     Status:  new
     Priority:  normal                |  Milestone:
    Component:  EFF-HTTPS Everywhere  |    Version:
   Resolution:                        |   Keywords:
Actual Points:                        |  Parent ID:
       Points:                        |
--------------------------------------+-----------------

Comment (by cypherpunks):

 == CSP headers for https://steamcommunity.com/market ==


 script-src 'self' 'unsafe-inline' 'unsafe-eval'
 https://steamcommunity-a.akamaihd.net/ https://api.steampowered.com/
 http://www.google-analytics.com https://ssl.google-analytics.com; object-
 src 'none'; connect-src 'self' https://steamcommunity.com
 http://steamcommunity.com https://api.steampowered.com/; frame-src 'self'
 http://store.steampowered.com/ https://store.steampowered.com/
 http://www.youtube.com https://www.youtube.com; report-uri
 /actions/CSPReport


 report-uri is set so Steam should be getting reports (verified in Network
 tab in Firefox dev tools), but there may also be an issue in HTTPS
 Everywhere with the mixed content of Akamai enabled by default and Steam
 disabled by default.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/14120#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #14120 [EFF-HTTPS Everywhere]: Akamai ruleset breaks steamcommunity.com in plaintext HTTP
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #14120 [EFF-HTTPS Everywhere]: Akamai ruleset breaks steamcommunity.com in plaintext HTTP
Next by Author: Re: [tor-bugs] #13949 [Tor Browser]: Local .pdfs are not shown in Tor Browser's PDF viewer
Previous by thread: Re: [tor-bugs] #14120 [EFF-HTTPS Everywhere]: Akamai ruleset breaks steamcommunity.com in plaintext HTTP
Next by thread: Re: [tor-bugs] #13949 [Tor Browser]: Local .pdfs are not shown in Tor Browser's PDF viewer
Index(es):
- Author
- Thread