[tor-bugs] #11621 [HTTPS Everywhere: Chrome]: Pinterest.com doesn't render properly
#11621: Pinterest.com doesn't render properly
--------------------------------------+---------------------
Reporter: offby1 | Owner: pde
Type: defect | Status: new
Priority: normal | Milestone:
Component: HTTPS Everywhere: Chrome | Version:
Keywords: | Actual Points:
Parent ID: | Points:
--------------------------------------+---------------------
See this screenshot:
https://www.dropbox.com/s/7f1zhqer2363mkt/Screenshot%202014-04-26%2022.37.40.png
Note that it says "Whoops! Something went wrong. Try again." at the
bottom; that shouldn't be there (in fact, there should be more pictures of
watches there).
Also, lots of important-looking messages appear in the console; here are a
few of them:
Failed to load resource: the server responded with a status of 400 (Bad
Request)
https://a248.e.akamai.net/webapp/style/sprites/webapp-common-main-1x.2b10c974.png
3
XMLHttpRequest cannot load
https://www.pinterest.com/resource/ContextLogResource/create/. No
'Access-Control-Allow-Origin' header is present on the requested resource.
Origin 'http://www.pinterest.com' is therefore not allowed access.
(index):1
[Report Only] Refused to load the stylesheet
'https://a248.e.akamai.net/passets.pinterest.com.s3.amazonaws.com/webapp/style/app/desktop/bundle1.e55ce4e7.css'
because it violates the following Content Security Policy directive:
"default-src 'self' *.pinterest.com *.pinimg.com *.google.com
connect.facebook.net *.google-analytics.com https://*.facebook.com
*.facebook.com www.googleadservices.com googleads.g.doubleclick.net
*.tiles.mapbox.com *.4sqi.net media.pinterest.com.s3.amazonaws.com
'unsafe-inline' 'unsafe-eval'". Note that 'style-src' was not explicitly
set, so 'default-src' is used as a fallback.
(index):1
[Report Only] Refused to load the stylesheet
'https://a248.e.akamai.net/f/1586/2045/10m/passets-ak.pinterest.com/webapp/style/app/desktop/bundle2.139567db.css'
because it violates the following Content Security Policy directive:
"default-src 'self' *.pinterest.com *.pinimg.com *.google.com
connect.facebook.net *.google-analytics.com https://*.facebook.com
*.facebook.com www.googleadservices.com googleads.g.doubleclick.net
*.tiles.mapbox.com *.4sqi.net media.pinterest.com.s3.amazonaws.com
'unsafe-inline' 'unsafe-eval'". Note that 'style-src' was not explicitly
set, so 'default-src' is used as a fallback.
Disabling HTTPS Everywhere makes things work again.
A few other people have also run into this:
https://productforums.google.com/forum/#!topic/chrome/gf9-NjZxGjk
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/11621>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
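
Added example (not part of the original ticket, and not HTTPS Everywhere or Chrome code): a simplified source-list check that reproduces the first [Report Only] message above, including the fallback from 'style-src' to 'default-src'. The function names are hypothetical, and only scheme and host are compared, so the pinterest.com name inside the blocked URL's path plays no part in the match.

```javascript
// Added example: simplified CSP source-list matching. Only schemes and hosts
// are compared; ports, paths, scheme-only sources, nonces and hashes are not.
const POLICY = "default-src 'self' *.pinterest.com *.pinimg.com *.google.com " +
  "connect.facebook.net *.google-analytics.com https://*.facebook.com " +
  "*.facebook.com www.googleadservices.com googleads.g.doubleclick.net " +
  "*.tiles.mapbox.com *.4sqi.net media.pinterest.com.s3.amazonaws.com " +
  "'unsafe-inline' 'unsafe-eval'"; // policy text as quoted in the console output
const PAGE = "http://www.pinterest.com/"; // origin named in the CORS message
const BLOCKED_CSS = "https://a248.e.akamai.net/passets.pinterest.com.s3.amazonaws.com" +
  "/webapp/style/app/desktop/bundle1.e55ce4e7.css";

function parsePolicy(text) {
  const directives = new Map();
  for (const part of text.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (name) directives.set(name.toLowerCase(), sources);
  }
  return directives;
}

function hostMatches(pattern, host) {
  if (pattern === "*") return true;
  // "*.pinterest.com" covers subdomains only, so compare against ".pinterest.com".
  if (pattern.startsWith("*.")) return host.endsWith(pattern.slice(1));
  return pattern === host;
}

function sourceMatches(source, url, page) {
  if (source === "'self'") return url.origin === page.origin; // strict same-origin
  if (source.startsWith("'")) return false; // 'unsafe-inline' etc. never match a URL
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)/i.exec(source);
  if (!m) return false;
  const [, scheme, host] = m;
  const urlScheme = url.protocol.slice(0, -1);
  // A scheme-less source on an http page also accepts https resources.
  const schemeOk = scheme
    ? scheme.toLowerCase() === urlScheme
    : url.protocol === page.protocol || (page.protocol === "http:" && urlScheme === "https");
  return schemeOk && hostMatches(host.toLowerCase(), url.hostname);
}

function checkLoad(policyText, directive, resourceUrl, pageUrl) {
  const directives = parsePolicy(policyText);
  const effective = directives.has(directive) ? directive : "default-src";
  const list = directives.get(effective); // undefined: nothing restricts this load
  const url = new URL(resourceUrl), page = new URL(pageUrl);
  const allowed = list === undefined || list.some(s => sourceMatches(s, url, page));
  return { effective, allowed };
}

console.log(checkLoad(POLICY, "style-src", BLOCKED_CSS, PAGE));
```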