[tor-bugs] #7857 [EFF-HTTPS Everywhere]: Amazon AWS breaks Epicmafia
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Feb 1 21:16:10 UTC 2013
#7857: Amazon AWS breaks Epicmafia
----------------------------------+-----------------------------------------
Reporter: cypherpunks | Owner: pde
Type: defect | Status: new
Priority: normal | Milestone:
Component: EFF-HTTPS Everywhere | Version: HTTPS-E 3.1.2
Keywords: httpse-ruleset-bug | Parent:
Points: | Actualpoints:
----------------------------------+-----------------------------------------
Comment(by mikkoharhanen):
I did some testing and here is what I found out:
EpicMafia.com without the rule set:
[OK] http://em.css.s3.amazonaws.com/style.css?2?1359734603
[OK] http://em.css.s3.amazonaws.com/images/logo.png
[OK] http://em.css.s3.amazonaws.com/images/facebook.png
EpicMafia.com with enabled rule set:
[OK] https://s3.amazonaws.com/em.css/style.css?2?1359734603
[403] https://s3.amazonaws.com/images/logo.png
[403] https://s3.amazonaws.com/images/facebook.png
Open image file without rule set:
[OK] http://em.css.s3.amazonaws.com/images/logo.png
Open image file rule set enabled:
[OK] https://s3.amazonaws.com/em.css/images/logo.png
I'm suspecting that style.css is the problem. EpicMafia uses CSS to show
images. Here is a clip from style.css:
{{{
.roleimg {
display: block;
background: url("/images/roleimg.png") no-repeat scroll right top
transparent;
height: 20px;
width: 20px;
}
}}}
The path to the image is /images/roleimg.png. This could be the culprit.
When the CSS file's url is redirected to s3.amazonaws.com/em.css/, it
tries to find the images from domain s3.amazonaws.com with the path
/images/roleimg.png instead of /em.css/images/roleimg.png.
I suppose we need to exclude style.css?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7857#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list