[tor-bugs] #14120 [EFF-HTTPS Everywhere]: Akamai ruleset breaks steamcommunity.com in plaintext HTTP
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Jan 6 09:19:15 UTC 2015
#14120: Akamai ruleset breaks steamcommunity.com in plaintext HTTP
--------------------------------------+-----------------
Reporter: cypherpunks | Owner:
Type: defect | Status: new
Priority: normal | Milestone:
Component: EFF-HTTPS Everywhere | Version:
Resolution: | Keywords:
Actual Points: | Parent ID:
Points: |
--------------------------------------+-----------------
Comment (by cypherpunks):
== CSP headers for https://steamcommunity.com/market ==
script-src 'self' 'unsafe-inline' 'unsafe-eval'
https://steamcommunity-a.akamaihd.net/ https://api.steampowered.com/
http://www.google-analytics.com https://ssl.google-analytics.com; object-
src 'none'; connect-src 'self' https://steamcommunity.com
http://steamcommunity.com https://api.steampowered.com/; frame-src 'self'
http://store.steampowered.com/ https://store.steampowered.com/
http://www.youtube.com https://www.youtube.com; report-uri
/actions/CSPReport
report-uri is set so Steam should be getting reports (verified in Network
tab in Firefox dev tools), but there may also be an issue in HTTPS
Everywhere with the mixed content of Akamai enabled by default and Steam
disabled by default.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/14120#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list