[tor-bugs] #4593 [EFF-HTTPS Everywhere]: Breaks goodreads.com / cloudfront.net

["Tor Bug Tracker & Wiki" <torproject-admin@xxxxxxxxxxxxxx>]

#4593: Breaks goodreads.com / cloudfront.net
----------------------------------+-----------------------------------------
 Reporter:  daw-bugzilla          |          Owner:  pde
     Type:  defect                |         Status:  new
 Priority:  normal                |      Milestone:     
Component:  EFF-HTTPS Everywhere  |        Version:     
 Keywords:                        |         Parent:     
   Points:                        |   Actualpoints:     
----------------------------------+-----------------------------------------
 Visiting http://www.goodreads.com/ with HTTPS Everywhere enabled causes
 some functionality of Goodreads to be broken.  In particular, some of the
 images are not properly displayed.

 To test: Create an account on Goodreads.  Go to the web page for some
 book, say this one:
 http://www.goodreads.com/book/show/29579.Foundation
 Rate the book 4 stars by clicking on the 4th star.  Notice how the
 leftmost 4 stars are now lit up to orange.  Now reload the page.  You will
 find that the orange is gone; all five stars are now shaded grey.

 Possibly related: If you open up the Firefox Error Console, you will see
 lots of errors.  Here is one that seems to be representative:

 Error: [Exception... "'Image HTTP->HTTPS redirection to
 https://dkt27ch3b0vq7.cloudfront.net/images/loading-trans.gif?1322099299'
 when calling method: [nsIContentPolicy::shouldLoad]"  nsresult:
 "0x8057001e (NS_ERROR_XPC_JS_THREW_STRING)"  location: "<unknown>"  data:
 no]

 There are dozens and dozens of these exceptions in the Error Console.

 It looks like Goodreads is using Amazon's Cloudfront service as a CDN, to
 host images.  Thus, the Goodreads web page has a HTTP link to something on
 cloudfront.net.  I'm guessing HTTPS Everywhere is rewriting the
 cloudfront.net URL to use HTTPS.  At some point in this chain it appears
 that something goes wrong, though I'm not sure what exactly.

 I can confirm that if I go to the HTTPS Everywhere preferences, select the
 Cloudfront site, and disable HTTPS Everywhere for that site, then
 everything seems to work fine: the page displays properly (the stars on
 the page show up orange, as they should), and there are no errors in the
 Firefox Error Console.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4593>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs