Skip to content
This repository has been archived by the owner on Nov 6, 2023. It is now read-only.

http://tesco.com/groceries/ #4615

Closed
DanAtkinson opened this issue Apr 12, 2016 · 14 comments
Closed

http://tesco.com/groceries/ #4615

DanAtkinson opened this issue Apr 12, 2016 · 14 comments
Labels
broken CSP ruleset-bug

Comments

@DanAtkinson
Copy link

The Tesco Groceries site renders incorrectly in HTTP when the extension is enabled.

Disabling the extension allows the website to show correctly.
@MDawg957
Copy link

Disabling the Tesco (partial) rule specifically should let it work till a proper fix can be implemented. The page loads correctly for me after I do that.

@DanAtkinson
Copy link
Author

I have also reached out to Tesco separately, asking them to look at this problem.

There's no logical reason why one of the largest supermarket chains in the world has an invalid SSL certificate on its homepage when loaded over HTTPS (https://www.tesco.com/).

The SSL certificate is attributed to a248.e.akamai.net.

@J0WI
Copy link
Contributor

J0WI commented May 11, 2016

The sites CSP blocks content from secure.tesco.com

galeksandrp added a commit to galeksandrp/https-everywhere that referenced this issue May 28, 2016
@galeksandrp
Fix EFForg#4615
6fb69ab
@danwdart
Copy link

I tried this partial one earlier on this week and got yet more issues from their site. I had to remove the whole site from consideration.

@DanAtkinson
Copy link
Author

It is rather ridiculous that they can't support https everywhere across their servers and have instead created this situation for themselves where it's a mishmash of secure/insecure pages. It's not even consistent. I can be on http pages and have personal data exposed for no good reason.

@J0WI
Copy link
Contributor

J0WI commented Oct 9, 2016

There is a proposal for the CSP spec, that hard coded http:// policies should be ignored by browsers, but it has not been implemented yet.

@gerv
Copy link

gerv commented Nov 28, 2016

This bug has been open six months; why not just remove the rule for Tesco from the HTTPSE ruleset, if it breaks things?

@rjgould
Copy link

rjgould commented Dec 6, 2016

Have to agree with @gerv I couldn't figure out why Firefox wasn't showing the site properly so just had to play the "check every AddOn" game to find out it was HTTPS Everywhere. I'd rather this was excluded so I can go back to using the addon continuously instead of having to switch it on and off.

@J0WI
Copy link
Contributor

J0WI commented Feb 11, 2017

This ruleset depends on a lot of other ones, but since there are so many issues with that site I'm fine with just disabling it.

@galeksandrp galeksandrp mentioned this issue Mar 28, 2017
Closed
@galeksandrp
Copy link
Contributor

Did this issue persist?

@J0WI
Copy link
Contributor

J0WI commented Apr 16, 2017

https://secure.tesco.com/groceries/ looks broken, but https://www.tesco.com/groceries/ WFM

@janipewter
Copy link

It does look like they have FINALLY fixed it

@Bisaloo Bisaloo mentioned this issue Feb 16, 2018
Merged
14 tasks
@Bisaloo
Copy link
Collaborator

Bisaloo commented Feb 19, 2018

Can we close this issue if this is fixed?

@DanAtkinson
Copy link
Author

They appear to have fixed their hodge-podge SSL problems, so I believe that this issue can be closed.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
broken CSP ruleset-bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
10 participants
@DanAtkinson @gerv @danwdart @rjgould @galeksandrp @J0WI @fuglede @Bisaloo @MDawg957 @janipewter