Closed
Bug 1098092
Opened 10 years ago
Closed 7 years ago
itunes.apple.com - mixed content blocking on iTunes for product description
Categories
(Web Compatibility :: Site Reports, defect)
Tracking
(Not tracked)
RESOLVED
WORKSFORME
People
(Reporter: karlcow, Assigned: karlcow)
Details
(Whiteboard: [country-us] [js] [sitewait] [mcb])
+++ This bug was initially created as a clone of Bug #750689 +++

On a page like http://itunes.apple.com/gb/app/design-museum-collection-for/id510964197?mt=8, there are a number of mixed content blocking issues. This is the log of Developer tools (security panel in the console). See https://developer.mozilla.org/en-US/docs/Security/MixedContent

This creates issues in Firefox and in Chrome.

10:35:59.303 Loading mixed (insecure) display content on a secure page "http://a5.mzstatic.com/eu/r30/Purple/v4/58/7d/99/587d99ee-b3a2-e78d-2147-3ec6dfff67e2/screen480x480.jpeg"[Learn More] id510964197
10:35:59.305 Loading mixed (insecure) display content on a secure page "http://a1.mzstatic.com/eu/r30/Purple/v4/71/78/d2/7178d25f-5064-3d50-e2d3-c8b091a80b5b/screen480x480.jpeg"[Learn More] id510964197
10:35:59.305 Loading mixed (insecure) display content on a secure page "http://a3.mzstatic.com/eu/r30/Purple/v4/9d/c6/16/9dc616a6-4023-0042-aea3-2d8f9c3e83ae/screen480x480.jpeg"[Learn More] id510964197
10:35:59.306 Loading mixed (insecure) display content on a secure page "http://a4.mzstatic.com/eu/r30/Purple/v4/20/7f/a4/207fa427-ef5a-8b14-cfd6-37caceaf4cdd/screen480x480.jpeg"[Learn More] id510964197
10:35:59.306 Loading mixed (insecure) display content on a secure page "http://a2.mzstatic.com/eu/r30/Purple/v4/40/c2/4c/40c24cc1-c344-435d-a99a-d4ba5b593c19/screen480x480.jpeg"[Learn More] id510964197
10:36:02.073 Loading mixed (insecure) display content on a secure page "http://a2.mzstatic.com/eu/r30/Purple/v4/8a/70/f9/8a70f9dd-346b-00d0-c221-5d4c7272fb0d/icon100x100.png"[Learn More] web-storefront-base.js:482
10:36:02.074 Loading mixed (insecure) display content on a secure page "http://a4.mzstatic.com/eu/r30/Purple4/v4/ba/2d/87/ba2d87d8-81e0-923c-43a9-6c60433af959/icon100x100.png"[Learn More] web-storefront-base.js:482
10:36:02.074 Loading mixed (insecure) display content on a secure page "http://a2.mzstatic.com/eu/r30/Purple4/v4/55/53/25/5553258f-7dd8-e022-7625-a7842704f048/icon100x100.png"[Learn More] web-storefront-base.js:482
10:36:02.075 Loading mixed (insecure) display content on a secure page "http://a4.mzstatic.com/eu/r30/Purple3/v4/e3/07/ab/e307abcf-e8dc-8865-16b7-b9fa488f8a13/icon175x175.jpeg"[Learn More]
Updated•10 years ago
Assignee: nobody → kdubost
Status: NEW → ASSIGNED
Whiteboard: [country-us] [js] [sitewait] → [country-us] [js] [sitewait] [mcb]
Comment 1•9 years ago
As of today, still not solved.

Loading mixed (insecure) display content "http://a5.mzstatic.com/eu/r30/Purple/v4/58/7d/99/587d99ee-b3a2-e78d-2147-3ec6dfff67e2/screen480x480.jpeg" on a secure page[Learn More] id510964197
Loading mixed (insecure) display content "http://a1.mzstatic.com/eu/r30/Purple/v4/71/78/d2/7178d25f-5064-3d50-e2d3-c8b091a80b5b/screen480x480.jpeg" on a secure page[Learn More] id510964197
Loading mixed (insecure) display content "http://a3.mzstatic.com/eu/r30/Purple/v4/9d/c6/16/9dc616a6-4023-0042-aea3-2d8f9c3e83ae/screen480x480.jpeg" on a secure page[Learn More] id510964197
Loading mixed (insecure) display content "http://a4.mzstatic.com/eu/r30/Purple/v4/20/7f/a4/207fa427-ef5a-8b14-cfd6-37caceaf4cdd/screen480x480.jpeg" on a secure page[Learn More] id510964197
Loading mixed (insecure) display content "http://a2.mzstatic.com/eu/r30/Purple/v4/40/c2/4c/40c24cc1-c344-435d-a99a-d4ba5b593c19/screen480x480.jpeg" on a secure page[Learn More] id510964197
Loading mixed (insecure) display content "http://a2.mzstatic.com/eu/r30/Purple4/v4/ba/2d/87/ba2d87d8-81e0-923c-43a9-6c60433af959/icon100x100.jpeg" on a secure page[Learn More] web-storefront-base.js:483:304
Loading mixed (insecure) display content "http://a2.mzstatic.com/eu/r30/Purple3/v4/0f/c9/a2/0fc9a25c-cbf9-2437-4ea0-6896e80d4f38/icon100x100.jpeg" on a secure page[Learn More] web-storefront-base.js:483:304
Loading mixed (insecure) display content "http://a5.mzstatic.com/eu/r30/Purple5/v4/fb/4d/99/fb4d99f1-7def-6e67-9304-4c157f89a563/icon100x100.jpeg" on a secure page[Learn More] web-storefront-base.js:483:304
Loading mixed (insecure) display content "http://a5.mzstatic.com/eu/r30/Purple1/v4/90/cb/16/90cb16df-f4c5-d4e0-2274-c8729f24e1c0/icon175x175.jpeg" on a secure page[Learn More] web-storefront-base.js:483:304
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://www.apple.com/ac/icons/1.0/fonts/appleicons_text.woff. (Reason: CORS header 'Access-Control-Allow-Origin' missing). <unknown>
This site makes use of a SHA-1 Certificate; it's recommended you use certificates with signature algorithms that use hash functions stronger than SHA-1.[Learn More] www.facebook.com
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://www.apple.com/ac/icons/1.0/fonts/appleicons_text.ttf. (Reason: CORS header 'Access-Control-Allow-Origin' missing).

My contacts at Apple became… more than silent. :)
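An added example, not part of the original bug report: a small Python triage script that parses both wordings of the Firefox mixed-content warning quoted in the description and in comment 1, and groups the insecure hosts by what requested them (the document itself or a script file). The sample log, its hosts and its file names are constructed placeholders.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Both wordings of the Firefox warning quoted in this bug:
#   ... display content on a secure page "URL"[Learn More] SOURCE
#   ... display content "URL" on a secure page[Learn More] SOURCE
MIXED = re.compile(
    r'Loading mixed \(insecure\) display content'
    r'(?: on a secure page)? "(?P<url>[^"]+)"(?: on a secure page)?'
    r'\[Learn More\](?: (?P<source>\S+))?'
)
# file.js:482 or file.js:483:304 means a script requested the resource.
SCRIPT_SOURCE = re.compile(r'^(?P<file>.+\.js)(?::\d+){1,2}$')
# Constructed sample in the shape of the console output (placeholder hosts).
SAMPLE_LOG = '''\
10:35:59.303 Loading mixed (insecure) display content on a secure page "http://img1.cdn.example/a/screen480x480.jpeg"[Learn More] id0000000001
10:36:02.073 Loading mixed (insecure) display content on a secure page "http://img2.cdn.example/b/icon100x100.png"[Learn More] storefront.js:482
Loading mixed (insecure) display content "http://img1.cdn.example/c/icon100x100.jpeg" on a secure page[Learn More] storefront.js:483:304
Loading mixed (insecure) display content "http://img2.cdn.example/d/icon175x175.jpeg" on a secure page[Learn More]
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://www.site.example/fonts/icons.woff.
'''

def parse_mixed(log_text):
    """Return one dict per mixed-content warning: url, host, initiator."""
    entries = []
    for line in log_text.splitlines():
        m = MIXED.search(line)
        if not m:
            continue  # CORS, certificate and other console messages
        source = m.group('source')
        script = SCRIPT_SOURCE.match(source) if source else None
        if script:
            initiator = script.group('file')  # URL was set by this script
        else:
            # A non-script source is the page document; none logged = unknown.
            initiator = 'document' if source else 'unknown'
        host = urlsplit(m.group('url')).hostname
        entries.append({'url': m.group('url'), 'host': host, 'initiator': initiator})
    return entries

def by_initiator(entries):
    """Group insecure hosts under the initiator that has to be fixed."""
    grouped = defaultdict(set)
    for e in entries:
        grouped[e['initiator']].add(e['host'])
    return {k: sorted(v) for k, v in grouped.items()}

if __name__ == '__main__':
    print(by_initiator(parse_mixed(SAMPLE_LOG)))
```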
Comment 2•7 years ago
That URL tries to open iTunes for me, rather than a webpage. Karl, can you confirm?
Flags: needinfo?(kdubost)
Comment 3•7 years ago
They indeed must have changed something. This is not done at the HTTP level.

HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Cache-Control: no-transform, max-age=0
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 1754
Content-Type: text/html; charset=utf-8
Date: Mon, 10 Apr 2017 23:34:47 GMT
Last-Modified: Mon, 10 Apr 2017 23:34:47 GMT
Server: ATS/4.1.0
Vary: Accept-Encoding
Vary: X-Apple-Store-Front, Cookie
Vary: Accept-Encoding
X-Apple-ATS-Cache-Key: /17.173.38.164/80/gb/app/design-museum-collection-for/id510964197/iDevice/https?mt=8
X-Apple-Partner: origin.0
X-Cache: TCP_MISS from a202-239-172-88.deploy.akamaitechnologies.com (AkamaiGHost/8.3.1.1-19669903) (-)
X-Cache-Remote: TCP_MISS from a69-192-3-232.deploy.akamaitechnologies.com (AkamaiGHost/8.3.1.1-19669903) (-)
apple-originating-system: MZStore
apple-seq: 0
apple-timing-app: 5 ms
apple-tk: false
strict-transport-security: max-age=31536000
x-apple-aka-ttl: Generated Mon Apr 10 16:34:47 PDT 2017, Expires Mon Apr 10 16:34:47 PDT 2017, TTL 0s
x-apple-application-instance: 2126532
x-apple-application-site: ST11
x-apple-asset-version: 0
x-apple-date-generated: Mon, 10 Apr 2017 23:34:47 GMT
x-apple-jingle-correlation-key: 7UUWR73UQBHLCKLM44A2GKXAWM
x-apple-lokamai-no-cache: true
x-apple-orig-url: https://itunes.apple.com/gb/app/design-museum-collection-for/id510964197?mt=8
x-apple-request-store-front: <null>
x-apple-request-uuid: fd2968ff-7480-4eb1-296c-e701a32ae0b3
x-apple-translated-wo-url: /WebObjects/MZStore.woa/wa/viewSoftware?mt=8&id=510964197&cc=gb&urlDesc=/design-museum-collection-for
x-frame-options: SAMEORIGIN
x-webobjects-loadaverage: 0

In the HTML, I can see

<body onload="return its.detect.openItunes('https://itunes.apple.com/gb/app/design-museum-collection-for/id510964197?mt=8&ign-mscache=1');">

and the opening is done in https://itunes.apple.com/htmlResources/6c2fb39/web-storefront-preview.js
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Flags: needinfo?(kdubost)
Resolution: --- → WORKSFORME
Updated•5 years ago
Product: Tech Evangelism → Web Compatibility