XOriginPolicy breaks icloud.com #850

Closed
CyBiS opened this issue Nov 23, 2019 · 4 comments
CyBiS commented Nov 23, 2019

Hi,

the setting network.http.referer.XOriginPolicy != 0 breaks https://www.icloud.com. A workaround is to use network.http.referer.XOriginPolicy = 0 and install the Smart Referer Addon for removing referers. Make sure to select the Addon's strict mode, disable the whitelist, disable the rewrite mode and use the following manual exceptions (source -> destination):
www.icloud.com -> idmsa.apple.com
www.icloud.com -> appleid.apple.com
www.icloud.com -> appleid.cdn-apple.com EDIT: doesn't seem to be necessary

BR

Thorin-Oakenpants commented Nov 23, 2019

Indeed. The problem is cross origin is often used in a sort of authorizing / super-cookie flow logic: e.g. using Google to sign into YouTube, or using Facebook to sign into various services. It's why FPI breaks some stuff.

Thanks for the info. As the section 1600 header says "If you want any REAL control over referers and breakage, then use an extension" and 1603 pref already has a troubleshooting tag.

crssi commented Nov 23, 2019

I have this in SR: *.icloud.com>*.apple.com
Didn't find any problems with www.icloud.com -> appleid.cdn-apple.com... where did you find that one? Any sample URL?

Otherwise here are my manuals: https://github.com/crssi/Firefox/blob/master/Smart_Referer-Whitelist.txt

CyBiS commented Nov 23, 2019

> Thanks for the info. As the section 1600 header says "If you want any REAL control over referers and breakage, then use an extension" and 1603 pref already has a troubleshooting tag.

Yes, documentation regarding potential breaks is present in the user.js file. This "issue" is just FYI, if users were wondering what configuration works for icloud.

> I have this in SR: *.icloud.com>*.apple.com

This works as well of course, however, I favour whitelisting as few (sub)domains as necessary for a page to work.

> Didn't find any problems with www.icloud.com -> appleid.cdn-apple.com... where did you find that one? Any sample URL?

Thanks for pointing that out. Unfortunately I can't remember which issue exactly I had during debugging (maybe something related to creating a new Apple-ID), but appleid.cdn-apple.com was one of the resources listed in the JavaScript sources and the issue was gone after adding that. However, I just re-tested the icloud page without that setting and everything seems to work. So I guess this is indeed not needed. Might also explain why the web console doesn't show any errors for appleid.cdn-apple.com.

> Otherwise here are my manuals: https://github.com/crssi/Firefox/blob/master/Smart_Referer-Whitelist.txt

Thx for sharing.

crssi commented Nov 23, 2019

> > I have this in SR: *.icloud.com>*.apple.com
>
> This works as well of course, however, I favour whitelisting as few (sub)domains as necessary for a page to work.

That is true when the source and target domains are not the same company. 😉
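
Added example, not part of the thread and not code from Firefox, the user.js project or Smart Referer: a small model of the two mechanisms discussed above, showing why XOriginPolicy = 1 strips the Referer on the iCloud sign-in requests and how the narrow exception list differs in scope from the `*.icloud.com>*.apple.com` wildcard. The two-label base domain, the wildcard matching semantics and the `developer.apple.com` sample destination are assumptions made for illustration.

```javascript
// Added illustration: models the cross-origin Referer decision, not Firefox or Smart Referer source code.
// Assumption: base domain = last two labels (fine for the .com hosts here; Firefox uses the Public Suffix List).
const baseDomain = (host) => host.split(".").slice(-2).join(".");

// network.http.referer.XOriginPolicy: 0 = always send, 1 = only if base domains match, 2 = only if hosts match.
function xOriginPolicySends(policy, srcHost, dstHost) {
  if (policy === 0) return true;
  if (policy === 1) return baseDomain(srcHost) === baseDomain(dstHost);
  if (policy === 2) return srcHost === dstHost;
  throw new RangeError(`unknown XOriginPolicy value: ${policy}`);
}

// Match a host against a pattern; "*.example.com" covers the bare domain and any subdomain (assumed semantics).
function hostMatches(pattern, host) {
  if (!pattern.startsWith("*.")) return pattern === host;
  const suffix = pattern.slice(2);
  return host === suffix || host.endsWith("." + suffix);
}

// Strict-mode model: Referer is kept only for same-host requests or explicit "source>destination" exceptions.
function strictModeSends(exceptions, srcHost, dstHost) {
  if (srcHost === dstHost) return true;
  return exceptions.some((rule) => {
    const [src, dst] = rule.split(">").map((s) => s.trim());
    return hostMatches(src, srcHost) && hostMatches(dst, dstHost);
  });
}

const narrowRules = ["www.icloud.com>idmsa.apple.com", "www.icloud.com>appleid.apple.com"];
const wildcardRules = ["*.icloud.com>*.apple.com"];

// Constructed request pairs; developer.apple.com is not from the thread, it only shows the scope difference.
const requests = [
  ["www.icloud.com", "idmsa.apple.com"],
  ["www.icloud.com", "appleid.apple.com"],
  ["www.icloud.com", "developer.apple.com"],
  ["www.icloud.com", "appleid.cdn-apple.com"],
];

function compare() {
  return requests.map(([src, dst]) => ({
    src, dst,
    policy1: xOriginPolicySends(1, src, dst),
    narrow: strictModeSends(narrowRules, src, dst),
    wildcard: strictModeSends(wildcardRules, src, dst),
  }));
}

console.table(compare());
```

In this model neither rule set covers `appleid.cdn-apple.com`, because `cdn-apple.com` is a separate registrable domain from `apple.com`.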
