[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #7851 [EFF-HTTPS Everywhere]: XHR requests don't load when rewritten by HTTPS Everywhere (was: Rulesets affecting only XHR requests may not appear in the context menu.)

To: undisclosed-recipients:;
Subject: Re: [tor-bugs] #7851 [EFF-HTTPS Everywhere]: XHR requests don't load when rewritten by HTTPS Everywhere (was: Rulesets affecting only XHR requests may not appear in the context menu.)
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Sat, 24 Aug 2013 00:29:51 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 23 Aug 2013 20:30:03 -0400
In-reply-to: <043.2ec2556b83103275c57166adaddcd2c8@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <043.2ec2556b83103275c57166adaddcd2c8@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#7851: XHR requests don't load when rewritten by HTTPS Everywhere (was: Rulesets
affecting only XHR requests may not appear in the context menu.)
----------------------------------+-----------------------------------------
 Reporter:  pde                   |          Owner:  zyan    
     Type:  defect                |         Status:  assigned
 Priority:  normal                |      Milestone:          
Component:  EFF-HTTPS Everywhere  |        Version:          
 Keywords:                        |         Parent:          
   Points:                        |   Actualpoints:          
----------------------------------+-----------------------------------------

Comment(by zyan):

 Oh, this appears to be at-least-sometimes an instance of same-origin
 policy violation, since different protocols are considered to be different
 origins.

 The-Verge.xml in the current development branch is a good example of this:
 - A page with a URL pattern like http://www.theverge.com/2013/8/23/4651536
 /who-will-be-the-next-microsoft-ceo is excluded, so it doesn't get
 redirected to https.
 - However, it sends an XHR request to
 https://www.theverge.com/comments/load_comments/4415577?t=1377303469517 to
 load comments, which does trigger the The Verge rule!

 As a result, if HTTPS everywhere is enabled and you go to the http://
 page, the comments won't load. However, if you manually type in the
 https:// page, the comments load.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7851#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #9546 [Tor]: Link handshake fails with "Received unexpected cell command 10" on a bridge
Next by Author: Re: [tor-bugs] #9546 [Tor]: Link handshake fails with "Received unexpected cell command 10" on a bridge
Previous by thread: Re: [tor-bugs] #7851 [EFF-HTTPS Everywhere]: XHR requests don't load when rewritten by HTTPS Everywhere (was: Rulesets affecting only XHR requests may not appear in the context menu.)
Next by thread: Re: [tor-bugs] #9110 [EFF-HTTPS Everywhere]: Zattoo.com liveTV does not start (HTTPS Everywhere 3.2.2)
Index(es):
- Author
- Thread