search

airtower-luna / referer-mod

Web Extension to modify the Referer header in HTTP requests
https://addons.mozilla.org/en-US/firefox/addon/referer-modifier/
GNU General Public License v3.0
46 stars 13 forks source link

Login to tv.apple.com not possible #108

Closed bcutter closed 1 year ago

bcutter commented 1 year ago

Using

{
  "any": {
    "action": "remove",
    "referer": ""
  },
  "same": {
    "action": "keep",
    "referer": ""
  },
  "domains": []
}

does not allow to log in at https://tv.apple.com. After entering the mail address, the field for entering the password will never show up.

If the extension is disabled, it works without any issue.

How to whitelist this use-case?

bcutter commented 1 year ago

I thought it would work with

{
  "any": {
    "action": "remove",
    "referer": ""
  },
  "same": {
    "action": "keep",
    "referer": ""
  },
  "domains": [
    {
      "domain": "idmsa.apple.com",
      "action": "keep",
      "referer": "",
      "origin": "tv.apple.com"
    }
  ]
}

as I could login once. After trying it again I now only get

grafik

Maybe a server/Apple thing, as login still does not work (same error message) when Referer Modifier addon is disabled. Guess I hit some login rate limit.

airtower-luna commented 1 year ago

I'm not familiar with Apple services, so I can't say exactly how the rule would need to look. If that rule worked once and then not and now it doesn't matter if you disable the add-on it could be that there's another (additional) issue. Or that there's some caching issue or stored state (cookie, etc.) that keeps causing trouble.

If you want to make a very broad rule that keeps the Referer for requests between all apple.com subdomains, you'd need to set domain and origin to apple.com. <SAME> only applies within the exact domain, while a domain-specific rule covers subdomains. But again, I can't say if that'd help because I don't known those services, you'd have to check what requests actually happen and which fail (e.g. using developer tools).

bcutter commented 1 year ago

It was a server-side blocking due to too many login attempts. Using this works just fine (meaning: login possible without any issues).

grafik

Unfortunately I run into more and more issues caused by this addon recently. E. g. on www.lenovo.com certain elements do not load until this is set: grafik

So whenever a website does not behave or look like it should, now this addon is on top of my suspicious list (which was always right in the last weeks).

Feel free to close this issue.

airtower-luna commented 1 year ago

Thanks for the update, glad you got it working! :slightly_smiling_face: