Player icons missing with HTTPS Everywhere extension

The player still works, just sans icons.

Firefox console says a CORS header is missing:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://www.giantbomb.com/bundles/phoenixsite/images/core/sprites/icons/svg/icons-sprite-min.svg. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).

To reproduce, install HTTPS Everywhere with the default policies and view the site.

Yep, same thing with icons for the text box (at least it always used to be).

I've found that any HTTPE rules with a "partial" note mean they're still not really working perfectly and you may need to turn them off (not as bad as the experimental ones that are off by default but also stuff like this is often broken) so have had the GiantBomb rule off (mainly so I can use these text boxes properly).

We have SSL enabled site-wide now, so I don't think you need HTTPS everywhere enabled on our site, but I'm not really up on security issues like that, myself.

Regardless, we've had a request out to their git depository since December but no one has responded, apparently.