
[tor-bugs] #1674 [EFF-HTTPS Everywhere]: every from rule should contain a slash after the host part



#1674: every from rule should contain a slash after the host part
----------------------------------+-----------------------------------------
 Reporter:  schoen                |       Owner:  pde
     Type:  defect                |      Status:  new
 Priority:  normal                |   Milestone:     
Component:  EFF-HTTPS Everywhere  |     Version:     
 Keywords:                        |      Parent:     
----------------------------------+-----------------------------------------
 A from rule that matches on an entire site, but doesn't contain a trailing
 slash, could be misinterpreted.

 For example, ^http://w3.org erroneously matches http://w3.organization.net
 and ^http://mail.com matches http://mail.commercialsite.com, and so on.

 Experiment seems to show that an explicit trailing slash on the from rule
 for a site does not cause Firefox to fail to apply the rule if the user
 doesn't type the slash.  For instance, the from rule
 ^http://www.example.com/ will correctly trigger if the user types
 "www.example.com", "http://www.example.com", "www.example.com/", or
 "http://www.example.com/" in the address bar.  Adding the trailing slash
 avoids potential false positives and does not seem to create any false
 negatives, so it should be done by default in rules that ship with HTTPS
 Everywhere.

 This does NOT mean that ^http://www.example.com/resource and
 ^http://www.example.com/resource/ are the same.  The trailing slash is
 only automatically appropriate at the top level of a site, not necessarily
 for individual pages of the site.  Whether trailing slashes belong in
 rules referring to individual pages or directories is a case-by-case
 question.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/1674>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
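
A lint check for the condition this ticket describes, as an added example that is not part of the ticket or of HTTPS Everywhere's own code. The function names are hypothetical, the probe URLs and the grouped rule are constructed, and it assumes a rule is matched against the URL after the parser has normalized an empty path to "/".

```javascript
// Patterns from the ticket, plus one constructed rule with a grouped host.
const FROM_PATTERNS = [
  "^http://w3.org",                   // ticket: no slash after the host part
  "^http://mail.com",                 // ticket: no slash after the host part
  "^http://www.example.com/",         // ticket: slash present
  "^http://(www\\.)?example\\.com/",  // constructed sample
];

// Constructed address-bar inputs. The WHATWG URL parser turns an empty path
// into "/", so "http://host" and "http://host/" become the same string.
const PROBES = [...new Set([
  "http://w3.org", "http://w3.organization.net",
  "http://mail.com", "http://mail.commercialsite.com",
  "http://www.example.com", "http://www.example.com/",
].map((typed) => new URL(typed).href))];

// Index of the first "/" after the scheme that is outside any group or
// character class, or -1 if nothing closes the host part.
function slashAfterHost(pattern) {
  const scheme = /^\^?https?\??:\/\//.exec(pattern);
  if (!scheme) return -1;
  let depth = 0, inClass = false;
  for (let i = scheme[0].length; i < pattern.length; i++) {
    const c = pattern[i];
    if (c === "\\") { i++; continue; }            // skip the escaped char
    if (inClass) { if (c === "]") inClass = false; continue; }
    if (c === "[") inClass = true;
    else if (c === "(") depth++;
    else if (c === ")") depth--;
    else if (c === "/" && depth === 0) return i;
  }
  return -1;
}

// Report whether the host part is closed and which probes the rule matches.
function lintFrom(pattern, probes) {
  const re = new RegExp(pattern);
  return {
    pattern,
    slashAfterHost: slashAfterHost(pattern) !== -1,
    matchedProbes: probes.filter((url) => re.test(url)),
  };
}

const report = FROM_PATTERNS.map((p) => lintFrom(p, PROBES));
const flagged = report.filter((r) => !r.slashAfterHost).map((r) => r.pattern);
console.log(JSON.stringify(report, null, 2));
```
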