[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #7650 [EFF-HTTPS Everywhere]: "Asymmetric Publications (partial)" rule breaks kingdomofloathing.com



#7650: "Asymmetric Publications (partial)" rule breaks kingdomofloathing.com
----------------------------------+-----------------------------------------
 Reporter:  zwol                  |          Owner:  pde
     Type:  defect                |         Status:  new
 Priority:  normal                |      Milestone:     
Component:  EFF-HTTPS Everywhere  |        Version:     
 Keywords:                        |         Parent:     
   Points:                        |   Actualpoints:     
----------------------------------+-----------------------------------------
 The ruleset Asymmetric-Publications.xml (aka "Asymmetric Publications
 (partial)") attempts to rewrite all URLs under *.kingdomofloathing.com to
 HTTPS.  If you log into the site with this rule in effect, you will be
 taken to https://www.kingdomofloathing.com/game.php, which force-redirects
 to http://www.kingdomofloathing.com/game.php with a <meta http-
 equiv="refresh"> tag in the HTML (*not* with an HTTP 3xx response code).
 The ruleset will rewrite this load back to https://, placing the site into
 an infinite loop.

 I don't know how much of the site will refuse to be served over HTTPS.  It
 is possible that just blacklisting game.php would make the ruleset work;
 however, it seems clearly the intention of the site admins to serve only
 the login page over HTTPS (optionally), so I'd be inclined to follow suit.

 I was going to inquire about the level of HTTPS support in the site's
 forums but I can't log in there.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7650>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs