Discussion:
Amazon broken (HTTP 204)
Aahz Maruch
2014-06-30 17:01:36 UTC
Permalink
Howdy,

Amazon broke Lynx about three months ago; I tried chatting with them
today, but they won't even give me a bug number (although they claim
they'll forward a message to their technical team). Because "links"
works with Amazon, I figured I'd try asking y'all whether there's
something you can do.

There are actually two problems:

* The newer problem is that using Amazon's "mobile/accessibility"
subsite causes an HTTP 204 on this URL:

https://www.amazon.com/gp/aw/ya?ref_=aw_bottom_links_ya

It looks like wget has the same problem.

* The other problem is that Amazon's main login claims that Lynx isn't
using cookies (this has been going on for years and is why I just login
through the mobile/accessibility subsite):

https://www.amazon.com/ap/signin?_encoding=UTF8&openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.ns.pape=http%3A%2F%2Fspecs.openid.net%2Fextensions%2Fpape%2F1.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fcss%2Fhomepage.html%3Fie%3DUTF8%26ref_%3Dgno_yam_ya

[...] Oh, futz, Amazon's playing games with User-Agent, when I set mine
to "Mozilla/5.0" it works. (You may substitute something stronger for
"futz".)

Figure I'll send this anyway in case it helps someone else. :-( I
haven't seen broken cookie behavior based on User-Agent before.

Thanks,
Aahz
Thomas Dickey
2014-07-01 00:03:45 UTC
Permalink
Post by Aahz Maruch
Howdy,
Amazon broke Lynx about three months ago; I tried chatting with them
today, but they won't even give me a bug number (although they claim
they'll forward a message to their technical team). Because "links"
works with Amazon, I figured I'd try asking y'all whether there's
something you can do.
* The newer problem is that using Amazon's "mobile/accessibility"
https://www.amazon.com/gp/aw/ya?ref_=aw_bottom_links_ya
It looks like wget has the same problem.
Perhaps this is also user-agent?

(I'm in the middle of upgrading a server, otherwise would test this).
Post by Aahz Maruch
Figure I'll send this anyway in case it helps someone else. :-( I
haven't seen broken cookie behavior based on User-Agent before.
When someone sets out to intentionally break their web server, it can have lots
of symptoms.
--
Thomas E. Dickey <***@invisible-island.net>
http://invisible-island.net
ftp://invisible-island.net
Karen Lewellen
2014-07-01 01:18:23 UTC
Permalink
Good evening,
amazon is presently working on both problems.
the 204 error, and the fact amazon thinks cookies are off in lynx, even
when cookies are being allowed.
I am not sure where you got the idea that they will not forward this to
their technical team.
My complaint is at the supervisor level, with one writing asking me to
test the site and report the specific time of my tests.
did you call here?
1-866-216-1072?
or did you just do the computer chat which may not reach a supervisor?
My understanding is that this resulted from some drastic heartblead
measures.
Karen
Post by Thomas Dickey
Post by Aahz Maruch
Howdy,
Amazon broke Lynx about three months ago; I tried chatting with them
today, but they won't even give me a bug number (although they claim
they'll forward a message to their technical team). Because "links"
works with Amazon, I figured I'd try asking y'all whether there's
something you can do.
* The newer problem is that using Amazon's "mobile/accessibility"
https://www.amazon.com/gp/aw/ya?ref_=aw_bottom_links_ya
It looks like wget has the same problem.
Perhaps this is also user-agent?
(I'm in the middle of upgrading a server, otherwise would test this).
Post by Aahz Maruch
Figure I'll send this anyway in case it helps someone else. :-( I
haven't seen broken cookie behavior based on User-Agent before.
When someone sets out to intentionally break their web server, it can have lots
of symptoms.
--
http://invisible-island.net
ftp://invisible-island.net
Aahz
2014-07-01 02:54:41 UTC
Permalink
amazon is presently working on both problems. the 204 error, and the
fact amazon thinks cookies are off in lynx, even when cookies are
being allowed.
Per my other message just now, it's clear that the problem is that
Amazon blocks multiple User-Agents -- based on what I saw with "links"
versus Lynx with User-Agent set to "Lynx/2.8.8" versus Lynx with
User-Agent set to "Mozilla/5.0", Amazon is not repeat *NOT* sending the
cookies in the first place.

They should be easily able to replicate the behavior if they try.

I'm pretty sure they're also doing some other stuff to block specific
User-Agent strings based on what happened with wget (that's probably
what's causing the HTTP 204 -- the not-sending-cookies has existed for
much longer, possibly years).
I am not sure where you got the idea that they will not forward this to
their technical team.
My years in tech support -- if you don't get a bug number, you have no
confirmation that it got forwarded. ;-)
My complaint is at the supervisor level, with one writing asking me to
test the site and report the specific time of my tests. did you call
here? 1-866-216-1072? or did you just do the computer chat which may
not reach a supervisor?
I'm deaf, so I used chat -- I did manage to reach a supervisor, but that
person was not particularly helpful. (I do have cochlear implants, so I
can use the phone if I absolutely have to, but partly because I know lots
of people who hate using the phone, I leverage my disability to improve
non-phone access for everyone.)
My understanding is that this resulted from some drastic heartblead
measures.
Interesting; if true, this is security theater of the highest order.
Heartbleed was a *server-side* problem.

I saw your other message, I'll try working up an e-mail directly to
Amazon, but feel free to forward my messages to them.
--
Hugs and backrubs -- I break Rule 6 http://rule6.info/
<*> <*> <*>
"I have the heart of a child. I keep it in a jar on my desk." --Robert Bloch
Aahz Maruch
2014-07-01 02:46:53 UTC
Permalink
Post by Thomas Dickey
Post by Aahz Maruch
* The newer problem is that using Amazon's "mobile/accessibility"
https://www.amazon.com/gp/aw/ya?ref_=aw_bottom_links_ya
It looks like wget has the same problem.
Perhaps this is also user-agent?
Ayup, this works:

wget -U 'Mozilla/5.0' -O x 'https://www.amazon.com/gp/aw/ya?ref_=aw_bottom_links_ya'

However, wget uses "Wget/version" as its agent (according to the man
page), so Amazon apparently is blocking multiple agents.
--
Hugs and backrubs -- I break Rule 6 http://rule6.info/
<*> <*> <*>
"I put people on my humor list as a form of revenge, you realize." --SJM
David Woolley
2014-07-01 06:51:06 UTC
Permalink
Post by Aahz Maruch
Amazon apparently is blocking multiple agents
Normally when this sort of thing is happening, they are blocking all but
certain User Agent patterns. Often there is some sort of browser
capabilities file and if that file doesn't match your browser or
declares that it doesn't have a capability, you get blocked.
Karen Lewellen
2014-07-01 01:53:53 UTC
Permalink
Hi all
I just phoned Amazon again.
I am placing below an email from a supervisor involved with their tech
efforts to repair this problem.
If you can, contact him at the address he provides as the reply to here.
Share that you got the address from me in an effort to give tech support a
variety of examples from different platforms using lynx.
here is the communication,
From amazon-***@amazon.com Fri Jun 13 20:24:06 2014
Date: Sat, 14 Jun 2014 00:24:05 +0000
From: Amazon.com <amazon-***@amazon.com>
Reply-To: "amazon-csc+***@amazon.com" <amazon-csc+***@amazon.com>
To: "***@shellworld.net" <***@shellworld.net>
Subject: A Message from Amazon Customer Service - Re: Account Access

Amazon
Your Account Amazon.com
Message From Customer Service
Hi Karen,

A colleague let me know you called in asking for an update from me.
From our last conversation, I was under the impression you didn't
want to be contacted with just a "we're still looking into this"
update. I'm sorry if I misunderstood.

Could you please try using the links on our amazon.com/access page
again? If they still don't work, could you please let me know the
date/time you attempt? Ideally, they'll work for you, but if not
we'll be generating a fresh example for our team to work with.

Best regards,
Ben B.
Did I solve your problem?
Yes  No

Your feedback is helping us build Earth's Most Customer-Centric
Company.

Thank you.
Amazon.com[r.html?R=3KCHNE60K98UK&C=3GG4DES2VDURU&H=ZTAMO4HFIW3NDDNOPK4FLHCVFIYA&T=E&U
=Loading Image...]

Pass this on widely,
Kare
Post by Aahz Maruch
Howdy,
Amazon broke Lynx about three months ago; I tried chatting with them
today, but they won't even give me a bug number (although they claim
they'll forward a message to their technical team). Because "links"
works with Amazon, I figured I'd try asking y'all whether there's
something you can do.
* The newer problem is that using Amazon's "mobile/accessibility"
https://www.amazon.com/gp/aw/ya?ref_=aw_bottom_links_ya
It looks like wget has the same problem.
* The other problem is that Amazon's main login claims that Lynx isn't
using cookies (this has been going on for years and is why I just login
https://www.amazon.com/ap/signin?_encoding=UTF8&openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.ns.pape=http%3A%2F%2Fspecs.openid.net%2Fextensions%2Fpape%2F1.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fcss%2Fhomepage.html%3Fie%3DUTF8%26ref_%3Dgno_yam_ya
[...] Oh, futz, Amazon's playing games with User-Agent, when I set mine
to "Mozilla/5.0" it works. (You may substitute something stronger for
"futz".)
Figure I'll send this anyway in case it helps someone else. :-( I
haven't seen broken cookie behavior based on User-Agent before.
Thanks,
Aahz
_______________________________________________
Lynx-dev mailing list
https://lists.nongnu.org/mailman/listinfo/lynx-dev
Aahz Maruch
2014-07-04 16:43:54 UTC
Permalink
Post by Karen Lewellen
I am placing below an email from a supervisor involved with their tech
efforts to repair this problem.
Started writing up an e-mail to Amazon but first checked to verify that
the bugs still existed, turns out they've fixed it. (But only for Lynx,
not for wget, which isn't a big deal for me, just mentioning that they're
clearly still blocking by User-Agent, which I proved by changing wget's
User-Agent.)
Stefan Caunter
2014-07-04 16:46:09 UTC
Permalink
Post by Aahz Maruch
Post by Karen Lewellen
I am placing below an email from a supervisor involved with their tech
efforts to repair this problem.
Started writing up an e-mail to Amazon but first checked to verify that
the bugs still existed, turns out they've fixed it. (But only for Lynx,
not for wget, which isn't a big deal for me, just mentioning that they're
clearly still blocking by User-Agent, which I proved by changing wget's
User-Agent.)
Presumably if you can demonstrate that you can shop with wget, they
will be happy to get that sorted ;)

S
David Woolley
2014-07-04 17:29:54 UTC
Permalink
Post by Stefan Caunter
Post by Aahz Maruch
Post by Karen Lewellen
I am placing below an email from a supervisor involved with their tech
efforts to repair this problem.
Started writing up an e-mail to Amazon but first checked to verify that
the bugs still existed, turns out they've fixed it. (But only for Lynx,
not for wget, which isn't a big deal for me, just mentioning that they're
clearly still blocking by User-Agent, which I proved by changing wget's
User-Agent.)
Presumably if you can demonstrate that you can shop with wget, they
will be happy to get that sorted ;)
You may have to prove that you are much more likely to shop than simply
copy their site.

Loading...