
[tor-bugs] #7454 [EFF-HTTPS Everywhere]: Active rules list doesn't indicate effects of securecookie if no URL rewrite took place



#7454: Active rules list doesn't indicate effects of securecookie if no URL
rewrite took place
----------------------------------+-----------------------------------------
 Reporter:  schoen                |          Owner:  pde
     Type:  defect                |         Status:  new
 Priority:  normal                |      Milestone:     
Component:  EFF-HTTPS Everywhere  |        Version:     
 Keywords:                        |         Parent:     
   Points:                        |   Actualpoints:     
----------------------------------+-----------------------------------------
 We just had a bug reported about a securecookie rule that applied to all
 of MIT (including pages that don't support HTTPS at all!) and was breaking
 logins.

 However, the ruleset in question didn't appear in the active rules menu,
 because no rewrite rule was triggered on the page in question -- only a
 securecookie.  This made the problem take slightly longer to debug and
 made it harder for affected users to work around.  The existing logic for
 deciding which rules are "active" on the current pages seems to be
 triggered solely by rewrite rules.

 Since securecookie rules affect page rendering and can even break it,
 rulesets containing them should also show up in the active rules menu when
 they were applied to a resource on the current page.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7454>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
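
The behaviour the ticket describes, as a simplified JavaScript model (an added example, not HTTPS Everywhere's own code; the ruleset, host names and function names are constructed for illustration). A securecookie-only match flags the cookie Secure, so it is no longer sent over plain HTTP, while the active list stays empty unless cookie matches are recorded as well.

```javascript
// Constructed ruleset: one rewrite rule for www only, and a securecookie
// pattern that covers every host under example.edu (names are made up).
const RULESETS = [{
  name: "Example University",
  rules: [{ from: /^http:\/\/www\.example\.edu\//, to: "https://www.example.edu/" }],
  securecookies: [{ host: /(^|\.)example\.edu$/, name: /.+/ }],
}];

// Apply the first matching rewrite rule and record its ruleset as active.
function rewrite(url, active) {
  for (const rs of RULESETS) {
    for (const r of rs.rules) {
      if (r.from.test(url)) {
        active.add(rs.name);
        return url.replace(r.from, r.to);
      }
    }
  }
  return url;
}

// Decide whether a cookie gets the Secure flag. recordCookieHits=false models
// the reported behaviour; true models the behaviour the ticket asks for.
function secureCookie(cookie, active, recordCookieHits) {
  for (const rs of RULESETS) {
    for (const sc of rs.securecookies) {
      if (sc.host.test(cookie.host) && sc.name.test(cookie.name)) {
        if (recordCookieHits) active.add(rs.name);
        return true;
      }
    }
  }
  return false;
}

// Model one page load and return what the active rules menu would list.
function loadPage(url, cookies, recordCookieHits) {
  const active = new Set();
  const finalUrl = rewrite(url, active);
  const secured = cookies
    .filter((c) => secureCookie(c, active, recordCookieHits))
    .map((c) => c.name);
  return { finalUrl, secured, active: [...active] };
}

// Constructed input: an HTTP-only host that sets a session cookie.
const SAMPLE_URL = "http://legacy.example.edu/login";
const SAMPLE_COOKIES = [{ host: "legacy.example.edu", name: "session" }];
```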