Https-everywhere: Fastly.net (partial) breaks functionality on spanishdict.com

Created on 31 Dec 2017  路  6Comments  路  Source: EFForg/https-everywhere

Type: ruleset issue

Domain: spanishdict.com

Steps to reproduce:

  1. Visit http://www.spanishdict.com/translate/video with HTTPS Everywhere enabled
  2. Click the button labelled "Spanish to English"
  3. Observe that the button is nonfunctional
  4. Disable the "Fastly.net (partial)" rule
  5. Click the button again
  6. Observe that the button now functions as expected
CORS-bugs
Source
picture mileskrell
👍2

All 6 comments

I'm having similar issues in Firefox Developer Edition 60.0b1 with HTTPS Everywhere 2018.02.26:

  • The "Menu" button at the top-left does nothing when clicked.
  • The "谩" button in the "Translate" button text field does nothing when clicked.
  • The "Spanish to English" tab does nothing when clicked.
  • Inline search suggestions for "Translate" button text field do not appear.
  • Content for "Word-by-word translation" pages never appears. (This type of translation occurs for terms that aren't in the dictionary such as "brand new"; see, for example, http://www.spanishdict.com/translate/brand%20new.)

The issues seem to be mitigated by disabling the "Fastly.net (partial)" rule.

Edit: I sent a feedback message to SpanishDict asking them to use HTTPS, which should moot this issue.

patrickdark picture patrickdark on 7 Mar 2018
👍1

Hi, thanks for reporting this. I looked into this previously and opened #12579, however I'm not sure how to resolve.

I work at SpanishDict and would love to see this fixed in HTTPS everywhere. As noted in #12579 it likely effects lots of other sites using fastly.

nanek picture nanek on 6 Apr 2018
👍1

For the record, I got in touch with a SpanishDict representative shortly after I posted here and they informed me that the site uses HTTPS for login pages, but deliberately does not do so for the rest of their website because they rely on advertising for revenue and at least one of their advertisers is incompatible with HTTPS.

That advertiser doesn't seem to be fastly.net though (as one might guess) since https://weather.com/, which also invokes that rule, seems to work fine with the "Fastly.net (partial)" rule enabled.

patrickdark picture patrickdark on 6 Apr 2018

@nanek, even if you are not ready to switch the whole website to HTTPS, could you use HTTPS for resources from fastly.net? It will likely solve this issue.

Bisaloo picture Bisaloo on 6 Apr 2018

@bisaloo Agreed, this would fix the issue. Unfortunately last we tested HTTPS for assets it increased our site load time. HTTPS is something we plan to revisit later this year with Fastly's http/2 endpoints, however in the meantime I'm making a PR for consideration to exclude our fastly domain from the rule to avoid breaking our site in the meantime.

nanek picture nanek on 9 Apr 2018

massive close per #15157

gloomy-ghost picture gloomy-ghost on 28 Apr 2018
Was this page helpful?
0 / 5 - 0 ratings

Related issues

cschanaj picture cschanaj  路  3Comments
raman325 picture raman325  路  4Comments
cschanaj picture cschanaj  路  4Comments
the8472 picture the8472  路  4Comments
austin987 picture austin987  路  5Comments