This repository has been archived by the owner on Jul 23, 2024. It is now read-only.

Whitelist Frozen Shard's Facebook games #22

Merged 1 commit on Feb 6, 2018

@cpeterso cpeterso commented Feb 5, 2018

@felipc, can you please review this flashsubdocexception whitelist change? This is the Facebook game we discussed last Friday.

Frozen Shard's Facebook games load Flash from https://d1qzmgnbw7y2pl.cloudfront.net/, which is blocked by our flashsubdoc blocklist. We can whitelist Frozen Shard's cloudfront subdomain so their Flash loader is click-to-activate instead of hard blocked. Even if Frozen Shard's cloudfront domain expires and is later hijacked by someone else, the risk of using this whitelisted subdomain to distribute drive-by Flash malware is low because Flash content will still be click-to-activate.

Frozen Shard is also investigating whether they can move their Flash games to a different domain that is not blocked.

https://apps.facebook.com/wwiitcg/
https://apps.facebook.com/monsterstcg/
https://apps.facebook.com/mythologiestcg/
https://apps.facebook.com/magicquesttcg/

felipc commented Feb 5, 2018

I don't have review access on this repo, but the change looks good to me. That's the domain where their html iframe is hosted, right?

cpeterso commented Feb 6, 2018

> That's the domain where their html iframe is hosted, right?

Yes, the full URLs of their Flash games' HTML iframes look like https://d1qzmgnbw7y2pl.cloudfront.net/magicquesttcg/fb-prod/FSPreloader.html.

@ckolos, when you have a chance, can you please merge this PR?

cgascons commented Feb 6, 2018

Hey @cpeterso thanks for managing this. I'd like to add just in case that we also have swf files hosting Kongregate players.

Those are also hosted under the same subdomain https://d1qzmgnbw7y2pl.cloudfront.net/ but with different suffixes:

https://d1qzmgnbw7y2pl.cloudfront.net/wwiitcg/kong/FSPreloader.html
https://d1qzmgnbw7y2pl.cloudfront.net/monsterstcg/kong/FSPreloader.html
https://d1qzmgnbw7y2pl.cloudfront.net/mythologiestcg/kong/FSPreloader.html
https://d1qzmgnbw7y2pl.cloudfront.net/magicquesttcg/kong/FSPreloader.html
https://d1qzmgnbw7y2pl.cloudfront.net/starquesttcg/kong/FSPreloader.html

As well as our test subfolders which are also under the same domain (we have a bunch of them)

I guess you were planning like you said to whitelist the whole subdomain and this information will be irrelevant, but just in case I thought I'd add the reminder here.

Thanks again!

@ckolos ckolos merged commit 5a41f36 into master Feb 6, 2018
@cpeterso cpeterso deleted the cpeterso-frozen-shard branch February 7, 2018 08:07
cpeterso commented Feb 7, 2018

Thanks, @ckolos!

@cgascons, it's OK that you have multiple Facebook and Kongregate games hosted on d1qzmgnbw7y2pl.cloudfront.net. Unblocking the entire subdomain allows you to add new games or move your files around.

The blocklist changes can take 24–48 hours to reach Firefox users. If your Facebook games don't work after that, you can email me.

cgascons commented Feb 7, 2018

Looking great so far @cpeterso, thanks for your time guys!
