[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #9367 [HTTPS Everywhere: Chrome]: Rules block Amazon.de from playing MP3 previews from cloudfront

To: undisclosed-recipients:;
Subject: [tor-bugs] #9367 [HTTPS Everywhere: Chrome]: Rules block Amazon.de from playing MP3 previews from cloudfront
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Wed, 31 Jul 2013 20:46:25 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 31 Jul 2013 16:46:37 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#9367: Rules block Amazon.de from playing MP3 previews from cloudfront
--------------------------------------+-------------------------------------
 Reporter:  mbunkus                   |          Owner:  pde
     Type:  defect                    |         Status:  new
 Priority:  normal                    |      Milestone:     
Component:  HTTPS Everywhere: Chrome  |        Version:     
 Keywords:  httpse-ruleset-bug        |         Parent:     
   Points:                            |   Actualpoints:     
--------------------------------------+-------------------------------------
 HTTPS-E version: 2013.7.10 for Chrome (version number not selectable in
 Trac's drop-down box, therefore I mention it here)
 Chrome version: 30.0.1581.2 dev-m on Windows (dev channel)

 When you go to Amazon.de and play the samples of an MP3 album with HTTPS-E
 enabled then the songs won't play. The requests look like this (tested
 with [www.amazon.de/Kaleidoscope/dp/B009QRIW7G/ this album]):

 Initial request:
 {{{
 http://www.amazon.de/gp/dmusic/get_sample_url.html/ref=dm_dp_trk2?ie=UTF8&ASIN=B009QRIWP8&CustomerID=A2V4DU8O56X6OX&DownloadLocation=WEBSITE
 }}}

 This receives a 302 redirect; next request:
 {{{
 http://d2q1srilgjznst.cloudfront.net/64%2F30%2F232802339_S64.mp3?Expires=1375389400&Signature=iAe69bMjCJe1hqXXJrQ2cxLmU01ZBrA068v4j6l4Mh6tGACaQ9w2l4Noz0uaTHZlCkpoVm77~8n3IzjwHq8nx7w6HI1cW
 ~aQ51xXUuf8E-
 fpvLzW8yqIWSdu0bKeWlXmWSDPAPNtWHgHVGrTeAWTUQag23Ax1cO8bMy3zxIHR-g_&Key-
 Pair-Id=APKAJVZTZLZ7I5XDXGUQ
 }}}

 This one gets rewritten by HTTPS-E to the following:
 {{{
 https://d2q1srilgjznst.cloudfront.net/64%2F30%2F232802339_S64.mp3?Expires=1375389400&Signature=iAe69bMjCJe1hqXXJrQ2cxLmU01ZBrA068v4j6l4Mh6tGACaQ9w2l4Noz0uaTHZlCkpoVm77~8n3IzjwHq8nx7w6HI1cW
 ~aQ51xXUuf8E-
 fpvLzW8yqIWSdu0bKeWlXmWSDPAPNtWHgHVGrTeAWTUQag23Ax1cO8bMy3zxIHR-g_&Key-
 Pair-Id=APKAJVZTZLZ7I5XDXGUQ
 }}}
 which receives a 403 forbidden.

 When I turn HTTPS-E off the first two requests look the same (apart from
 the random IDs, of course), but the second one (the http version of the
 cloudfront link) is not rewritten and returns the requested audio sample.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9367>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #9366 [Tor]: "ORPort ... Noadvertise" means your bridge silently doesn't work
Next by Author: [tor-bugs] #9368 [Tor]: Turn static throttling on in the live network
Previous by thread: Re: [tor-bugs] #9366 [Tor]: "ORPort ... Noadvertise" means your bridge silently doesn't work
Next by thread: [tor-bugs] #9368 [Tor]: Turn static throttling on in the live network
Index(es):
- Author
- Thread