Enhanced_Steam_Firefox icon indicating copy to clipboard operation
Enhanced_Steam_Firefox copied to clipboard

Published 20 hours ago verified publisher icon jshackles

HTTPS Everywhere "breaks" Enhanced Steam

Open ghost opened this issue 8 years ago • 7 comments

When having HTTPS Everywhere enabled, I get the following error using Enhanced Steam in Firefox 48:

One or more requests failed: 

http://api.enhancedsteam.com/storepagedata/?appid=327880&mcurl=http://www.metacritic.com/game/pc/sublevel-zero?ftag=MCD-06-10aaa1f
http://api.enhancedsteam.com/steamapi/GetPlayerSummaries/?steamids=true
http://api.enhancedsteam.com/pricev3/?subs=52659,&stores=steam,amazonus,impulse,gamersgate,greenmangaming,direct2drive,origin,uplay,indiegalastore,gamesplanet,indiegamestand,gog,dotemu,nuuvem,dlgamer,humblestore,squenix,bundlestars,fireflower,humblewidgets,newegg,gamesrepublic,coinplay,funstock,wingamestore,gamebillet,silagames,playfield,imperialgames,&cc=us&appid=327880&coupon=true

HTTPS Everywhere probably rewrites the URLs to https://api.enhancedsteam.com, as can be seen here: https://www.eff.org/https-everywhere/atlas/domains/enhancedsteam.com.html

Is this an error backendwise or is the HTTPS Everywhere rule invalid?

ghost avatar Aug 18 '16 23:08 ghost

I can confirm this issue.

dpeukert avatar Oct 03 '16 18:10 dpeukert

FYI, Its also break Chrome .

DawgNewb avatar Mar 17 '17 22:03 DawgNewb

If the cost of the SSL certificates is an issue, you can set up Let's Encrypt: https://letsencrypt.org/

anthonypants avatar Apr 16 '17 01:04 anthonypants

The Enhanced Steam API works with SSL, as you can see by visiting here:

https://api.enhancedsteam.com/storepagedata/?appid=327880

I'm not sure why these requests fail when HTTPS everywhere is loaded. I assume it's making the page's CSP more restrictive by not allowing the cross-domain request even though it's specifically given access in the addon's manifest file.

jshackles avatar Apr 16 '17 02:04 jshackles

Confirming that as of June 17 2017 the issue still stands, on Chrome and Windows 10 at least. Newest version of Chrome, running on Windows 10 Home Version 1607 OS Build 14393.1358

For me personally, HTTPS everywhere not only won't auto-redirect to the secure protocol, it also seems to create an issue where when I manually type it in before the steam address, it disregards and overrides to unsecure. Odd.

TonyV97 avatar Jun 17 '17 18:06 TonyV97

With HTTPS Everywhere, you can disable forcing Enhanced Steam to be rewritten. This fixes the issue. image

@TonyV97 @ghost

svg-frog avatar Jun 23 '17 00:06 svg-frog

Mostly fixed by jshackles/Enhanced_Steam#1452, can be closed.

seeeeew avatar Oct 24 '17 09:10 seeeeew