Skip to content
This repository has been archived by the owner on Oct 28, 2019. It is now read-only.

HTTPS Everywhere "breaks" Enhanced Steam #101

Open
ghost opened this issue Aug 18, 2016 · 7 comments
Open

HTTPS Everywhere "breaks" Enhanced Steam #101

ghost opened this issue Aug 18, 2016 · 7 comments

Comments

@ghost
Copy link

ghost commented Aug 18, 2016

When having HTTPS Everywhere enabled, I get the following error using Enhanced Steam in Firefox 48:

One or more requests failed: 

http://api.enhancedsteam.com/storepagedata/?appid=327880&mcurl=http://www.metacritic.com/game/pc/sublevel-zero?ftag=MCD-06-10aaa1f
http://api.enhancedsteam.com/steamapi/GetPlayerSummaries/?steamids=true
http://api.enhancedsteam.com/pricev3/?subs=52659,&stores=steam,amazonus,impulse,gamersgate,greenmangaming,direct2drive,origin,uplay,indiegalastore,gamesplanet,indiegamestand,gog,dotemu,nuuvem,dlgamer,humblestore,squenix,bundlestars,fireflower,humblewidgets,newegg,gamesrepublic,coinplay,funstock,wingamestore,gamebillet,silagames,playfield,imperialgames,&cc=us&appid=327880&coupon=true

HTTPS Everywhere probably rewrites the URLs to https://api.enhancedsteam.com, as can be seen here: https://www.eff.org/https-everywhere/atlas/domains/enhancedsteam.com.html

Is this an error backendwise or is the HTTPS Everywhere rule invalid?
@ghost ghost mentioned this issue Aug 18, 2016
Closed
@dpeukert
Copy link

dpeukert commented Oct 3, 2016

I can confirm this issue.

@DawgNewb
Copy link

FYI, Its also break Chrome .

@anthonypants
Copy link

If the cost of the SSL certificates is an issue, you can set up Let's Encrypt: https://letsencrypt.org/

@jshackles
Copy link
Owner

The Enhanced Steam API works with SSL, as you can see by visiting here:

https://api.enhancedsteam.com/storepagedata/?appid=327880

I'm not sure why these requests fail when HTTPS everywhere is loaded. I assume it's making the page's CSP more restrictive by not allowing the cross-domain request even though it's specifically given access in the addon's manifest file.

@odie5533 odie5533 mentioned this issue May 3, 2017
Closed
@TonyV97
Copy link

TonyV97 commented Jun 17, 2017

Confirming that as of June 17 2017 the issue still stands, on Chrome and Windows 10 at least.
Newest version of Chrome, running on Windows 10 Home Version 1607 OS Build 14393.1358

For me personally, HTTPS everywhere not only won't auto-redirect to the secure protocol, it also seems to create an issue where when I manually type it in before the steam address, it disregards and overrides to unsecure. Odd.

@svg-frog
Copy link

svg-frog commented Jun 23, 2017
edited
Loading

With HTTPS Everywhere, you can disable forcing Enhanced Steam to be rewritten. This fixes the issue.
image

@TonyV97 @ghost

@seeeeew
Copy link

seeeeew commented Oct 24, 2017

Mostly fixed by jshackles/Enhanced_Steam#1452, can be closed.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@seeeeew @svg-frog @jshackles @dpeukert @anthonypants @DawgNewb @TonyV97