[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #5196 [HTTPS Everywhere: Chrome]: Translate breakage in Chrome

To: undisclosed-recipients:;
Subject: Re: [tor-bugs] #5196 [HTTPS Everywhere: Chrome]: Translate breakage in Chrome
From: "Tor Bug Tracker & Wiki" <torproject-admin@xxxxxxxxxxxxxx>
Date: Fri, 24 Feb 2012 23:54:12 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 24 Feb 2012 18:54:22 -0500
In-reply-to: <043.2553c2619180e912e02c78a9314e397c@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: Tor bug tracker status mails <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <043.2553c2619180e912e02c78a9314e397c@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#5196: Translate breakage in Chrome
--------------------------------------+-------------------------------------
 Reporter:  pde                       |          Owner:  aaronsw
     Type:  defect                    |         Status:  new    
 Priority:  blocker                   |      Milestone:         
Component:  HTTPS Everywhere: Chrome  |        Version:         
 Keywords:                            |         Parent:         
   Points:                            |   Actualpoints:         
--------------------------------------+-------------------------------------

Comment(by pde):

 Matt Perry sent this by email:

 > OK, upon further investigation, it is not related to the fact that this
 is a POST request. It's actually caused by a conflation of 2
 implementation details in Chrome:
  1. The translate request is done using a XMLHttpRequest from the context
 of the main page. In this case, the translated page is requesting
 http://translate.googleapis.com/...
  1. The webRequest API rewrites URLs by simulating a redirect. When HTTPS
 Everywhere tells us to redirect !http://foo to !https://foo, we actually
 simulate a redirect internally.

 > Because of (1), the redirection in (2) is considered cross-origin (the
 security origin is that of the main page, and the redirected URL's origin
 is translate.googleapis.com). Chrome (specifically, !WebKit) blocks this
 cross-origin redirect.
 >
 > I could be misunderstanding web security policy, but it seems like a bug
 to me. I don't see why redirecting an XMLHttpRequest from
 !http://translate.googleapis.com to !https://translate.googleapis.com
 should care about the security origin of the containing page.
 >
 > In any case, it's a Chrome issue. I think your only workaround is to
 exempt translate.googleapis.com from the rules.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5196#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #5196 [HTTPS Everywhere: Chrome]: Translate breakage in Chrome
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #5154 [EFF-HTTPS Everywhere]: non-Torbutton SSL Observatory + hotel network => lots of cert warnings
Next by Author: [tor-bugs] #5224 [EFF-HTTPS Everywhere]: Allow rulesets to be different in Firefox and Chrome releases
Previous by thread: Re: [tor-bugs] #5196 [HTTPS Everywhere: Chrome]: Translate breakage in Chrome
Next by thread: Re: [tor-bugs] #5196 [HTTPS Everywhere: Chrome]: Translate breakage in Chrome
Index(es):
- Author
- Thread