[tor-bugs] #9367 [HTTPS Everywhere: Chrome]: Rules block Amazon.de from playing MP3 previews from cloudfront

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Jul 31 20:46:25 UTC 2013 

#9367: Rules block Amazon.de from playing MP3 previews from cloudfront
--------------------------------------+-------------------------------------
 Reporter:  mbunkus                   |          Owner:  pde
     Type:  defect                    |         Status:  new
 Priority:  normal                    |      Milestone:     
Component:  HTTPS Everywhere: Chrome  |        Version:     
 Keywords:  httpse-ruleset-bug        |         Parent:     
   Points:                            |   Actualpoints:     
--------------------------------------+-------------------------------------
 HTTPS-E version: 2013.7.10 for Chrome (version number not selectable in
 Trac's drop-down box, therefore I mention it here)
 Chrome version: 30.0.1581.2 dev-m on Windows (dev channel)

 When you go to Amazon.de and play the samples of an MP3 album with HTTPS-E
 enabled then the songs won't play. The requests look like this (tested
 with [www.amazon.de/Kaleidoscope/dp/B009QRIW7G/ this album]):

 Initial request:
 {{{
 http://www.amazon.de/gp/dmusic/get_sample_url.html/ref=dm_dp_trk2?ie=UTF8&ASIN=B009QRIWP8&CustomerID=A2V4DU8O56X6OX&DownloadLocation=WEBSITE
 }}}

 This receives a 302 redirect; next request:
 {{{
 http://d2q1srilgjznst.cloudfront.net/64%2F30%2F232802339_S64.mp3?Expires=1375389400&Signature=iAe69bMjCJe1hqXXJrQ2cxLmU01ZBrA068v4j6l4Mh6tGACaQ9w2l4Noz0uaTHZlCkpoVm77~8n3IzjwHq8nx7w6HI1cW
 ~aQ51xXUuf8E-
 fpvLzW8yqIWSdu0bKeWlXmWSDPAPNtWHgHVGrTeAWTUQag23Ax1cO8bMy3zxIHR-g_&Key-
 Pair-Id=APKAJVZTZLZ7I5XDXGUQ
 }}}

 This one gets rewritten by HTTPS-E to the following:
 {{{
 https://d2q1srilgjznst.cloudfront.net/64%2F30%2F232802339_S64.mp3?Expires=1375389400&Signature=iAe69bMjCJe1hqXXJrQ2cxLmU01ZBrA068v4j6l4Mh6tGACaQ9w2l4Noz0uaTHZlCkpoVm77~8n3IzjwHq8nx7w6HI1cW
 ~aQ51xXUuf8E-
 fpvLzW8yqIWSdu0bKeWlXmWSDPAPNtWHgHVGrTeAWTUQag23Ax1cO8bMy3zxIHR-g_&Key-
 Pair-Id=APKAJVZTZLZ7I5XDXGUQ
 }}}
 which receives a 403 forbidden.

 When I turn HTTPS-E off the first two requests look the same (apart from
 the random IDs, of course), but the second one (the http version of the
 cloudfront link) is not rewritten and returns the requested audio sample.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9367>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list