ABE blocking last.fm Spotify integration

Discussions about the Application Boundaries Enforcer (ABE) module
Lej

ABE blocking last.fm Spotify integration

Post by Lej »

When ABE is enabled last.fm fails to connect to Spotify (disabling ABE fixes the problem). The Firefox console is filled with messages looking something like:

Code: Select all

21:30:40.631 Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://gfcqfnwmey.spotilocal.com:4370/remote/pause.json?pause=true&csrf=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx&oauth=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx&ref=http%3A%2F%2Fwww.last.fm%2Fhome&cors=. (Reason: CORS request failed).1 <unknown>
I think spotilocal.com is my Spotify client's API (it resolves to 127.0.0.1).

How can I configure ABE to allow last.fm to connect to Spotify?
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0
barbaz
Senior Member
Posts: 10841
Joined: Sat Aug 03, 2013 5:45 pm

Re: ABE blocking last.fm Spotify integration

Post by barbaz »

That message is not from ABE. Please post here the message in the console starting with "[ABE]".
*Always* check the changelogs BEFORE updating that important software!
-
barbaz
Senior Member
Posts: 10841
Joined: Sat Aug 03, 2013 5:45 pm

Re: ABE blocking last.fm Spotify integration

Post by barbaz »

Hang on... looking again at that console message, see what this does:
NoScript Options > Advanced > ABE > SYSTEM, add at the very top

Code: Select all

Site ^https://[^/:]*\.spotilocal\.com[/:]
Accept from www.last.fm
*Always* check the changelogs BEFORE updating that important software!
-
Lej

Re: ABE blocking last.fm Spotify integration

Post by Lej »

barbaz wrote:Hang on... looking again at that console message, see what this does:
NoScript Options > Advanced > ABE > SYSTEM, add at the very top

Code: Select all

Site ^https://[^/:]*\.spotilocal\.com[/:]
Accept from www.last.fm
Did not solve my problem. I pasted the above at the top of SYSTEM ending up with:

Code: Select all

Site ^https://[^/:]*\.spotilocal\.com[/:]
Accept from www.last.fm

# Prevent Internet sites from requesting LAN resources.
Site LOCAL
Accept from LOCAL
Deny
Console still gets filled with blocked requests. The request addresses differ slightly depending on what you are trying to do (start, pause, skip, etc). The port also seems random. For example this time I saw a lot of copies of the following but with different port numbers:

Code: Select all

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://ciqkfrjwxb.spotilocal.com:4380/service/version.json?service=remote&ref=http%3A%2F%2Fwww.last.fm%2Fhome&cors=. (Reason: CORS request failed). <unknown>
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0
barbaz
Senior Member
Posts: 10841
Joined: Sat Aug 03, 2013 5:45 pm

Re: ABE blocking last.fm Spotify integration

Post by barbaz »

Then please post the message(s) from ABE as suggested above, since the messages about the failed CORS request evidently doesn't provide enough information. Thanks
*Always* check the changelogs BEFORE updating that important software!
-
Lej

Re: ABE blocking last.fm Spotify integration

Post by Lej »

barbaz wrote:Then please post the message(s) from ABE
As far as I can tell there are no messages from ABE (containing "[ABE]") in the Web Console.

However, as mentioned earlier, it works if I disable ABE.
I also noticed that it works if I change SYSTEM from:

Code: Select all

# Prevent Internet sites from requesting LAN resources.
Site LOCAL
Accept from LOCAL
Deny
to:

Code: Select all

# Prevent Internet sites from requesting LAN resources.
Site LOCAL
Accept
Which if I understand it correctly means that it accepts all requests to local resources (not just from last.fm as I would want it to).
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0
barbaz
Senior Member
Posts: 10841
Joined: Sat Aug 03, 2013 5:45 pm

Re: ABE blocking last.fm Spotify integration

Post by barbaz »

Lej wrote:Which if I understand it correctly means that it accepts all requests to local resources (not just from last.fm as I would want it to).
You understand correctly. As a test, let's see if what you want (taking your quoted statement completely literally) works:
change the SYSTEM rule to

Code: Select all

# Prevent Internet sites from requesting LAN resources.
Site LOCAL
Accept from LOCAL .last.fm
Deny
If it doesn't work there is something else not LOCAL involved here, and without seeing the ABE console message(s) I can't help further, sorry.
(Could they be getting pushed out by other messages, can you increase the scrolback limit of the Browser Console somehow? maybe http://forums.mozillazine.org/viewtopic ... &t=2882867?)
*Always* check the changelogs BEFORE updating that important software!
-
Post Reply