[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #7336 [EFF-HTTPS Everywhere]: Coursera.org assessment details page issues

To: undisclosed-recipients:;
Subject: Re: [tor-bugs] #7336 [EFF-HTTPS Everywhere]: Coursera.org assessment details page issues
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Fri, 09 Nov 2012 23:13:11 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 09 Nov 2012 18:13:20 -0500
In-reply-to: <048.cb56cc8cc7002f3dc9e596d89df48078@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <048.cb56cc8cc7002f3dc9e596d89df48078@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#7336: Coursera.org assessment details page issues
----------------------------------+-----------------------------------------
 Reporter:  sofianeh              |          Owner:  pde
     Type:  defect                |         Status:  new
 Priority:  normal                |      Milestone:     
Component:  EFF-HTTPS Everywhere  |        Version:     
 Keywords:                        |         Parent:     
   Points:                        |   Actualpoints:     
----------------------------------+-----------------------------------------
Changes (by pde):

 * cc: MB (added)


Comment:

 I can't test this directly without a Coursera account, but the fact that a
 reload is required strongly suggests that this is a problem with part of
 the site not functioning if the cookies are secure.  I'm therefore going
 to push 3.0.4 with the securecookie directive removed from the Coursera
 ruleset (this, by the way, is a dire security flaw that Coursera needs to
 fix on their end).

 There's a chance that the problem with the ruleset is deeper, though, in
 which case 3.0.4 won't fix it.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7336#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #7336 [EFF-HTTPS Everywhere]: Coursera.org assessment details page issues
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #7361 [EFF-HTTPS Everywhere]: gs.statcounter.com does not work
Next by Author: Re: [tor-bugs] #7423 [EFF-HTTPS Everywhere]: HTTPS Everywhere breaks the StumbleUpon plugin
Previous by thread: [tor-bugs] #7336 [EFF-HTTPS Everywhere]: Coursera.org assessment details page issues
Next by thread: Re: [tor-bugs] #4485 [Tor]: Research: can we get rid of the stream-level sendme cells (was: Get rid of the stream-level sendme cells)
Index(es):
- Author
- Thread