[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [or-cvs] [https-everywhere/master 2/2] securecookie: Dropbox, Evernote, Github

To: or-dev@xxxxxxxxxxxxx
Subject: Re: [or-cvs] [https-everywhere/master 2/2] securecookie: Dropbox, Evernote, Github
From: Robert Ransom <rransom.8774@xxxxxxxxx>
Date: Fri, 12 Nov 2010 14:15:55 -0800
Cc: https-everywhere@xxxxxxx
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-dev-outgoing@xxxxxxxx
Delivered-to: or-dev@xxxxxxxx
Delivery-date: Fri, 12 Nov 2010 17:16:11 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:date:from:to:cc:subject :message-id:in-reply-to:references:x-mailer:mime-version :content-type; bh=VtyTK7acJpM36bok0lHZ33lB+2C2lODxcMtvVvHqmx0=; b=BJKYD6yt9FeZeD7XgLipS4o5j2cAlVAunoCx/ej19ePn5x1jJ+4I466YHo9PSWlMKc bVz+OfyPDwpQf1OY1HMRSH8U/ptY/FRTKLgQ2rof3B9pLtQukHD6aIeF77j/GnRdujIJ sL0+jloxa5qEAOH41DFskNNsMq2KE2dwOL5xk=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=date:from:to:cc:subject:message-id:in-reply-to:references:x-mailer :mime-version:content-type; b=tP+kn5wH5rb04Ue0pK2GUSOeeVwVCBSa1rvjAd+yJff0vPVbbmMgoUwR4DjQ3yp10/ TQ61P14QW2qSkXLYXhMsKE7ag+RkGfi++lnp/qSjaRd7jRWG/G/45ApTdNxBU/ABDHAb h+VNuJ0MSb5gK+5y0lQ5Jgk2Fcv0T3YE5rF+s=
In-reply-to: <20101112183809.4E5705DEAF@xxxxxxxxxxxxxxxxxxxxx>
References: <20101112183809.4E5705DEAF@xxxxxxxxxxxxxxxxxxxxx>
Reply-to: or-dev@xxxxxxxxxxxxx
Sender: owner-or-dev@xxxxxxxxxxxxx

On Fri, 12 Nov 2010 18:38:09 +0000 (UTC)
pde@xxxxxxxxxxxxxx wrote:

> Author: Peter Eckersley <pde@xxxxxxx>
> Date: Fri, 12 Nov 2010 10:24:51 -0800
> Subject: securecookie: Dropbox, Evernote, Github
> Commit: 4d87e583e18b42373343e6b19820710fd1a4a088
> 
> ---
>  src/chrome/content/rules/Dropbox.xml  |    2 ++
>  src/chrome/content/rules/Evernote.xml |    2 ++
>  src/chrome/content/rules/Facebook.xml |    2 +-
>  src/chrome/content/rules/Github.xml   |    2 ++
>  4 files changed, 7 insertions(+), 1 deletions(-)
> 
> diff --git a/src/chrome/content/rules/Dropbox.xml b/src/chrome/content/rules/Dropbox.xml
> index 7df8033..712ad26 100644
> --- a/src/chrome/content/rules/Dropbox.xml
> +++ b/src/chrome/content/rules/Dropbox.xml
> @@ -2,6 +2,8 @@
>    <target host="www.dropbox.com" />
>    <target host="dropbox.com" />
>  
> +  <securecookie host="^(.*\.)?dropbox.com$" name=".*" />

The hostname has an unescaped dot.  The Evernote and Github
securecookie rules have the same problem.


Robert Ransom

Attachment: signature.asc
Description: PGP signature

Prev by Author: Re: [or-cvs] [https-everywhere/master] Experimentally securecookie Bit.ly; fix Facebook
Next by Author: Re: [or-cvs] [https-everywhere/master] Added Google Finance to Google Services rule
Previous by thread: Re: Proposal: Separate streams across circuits by destination port or destination host
Next by thread: Re: [or-cvs] [https-everywhere/master] Added Google Finance to Google Services rule
Index(es):
- Author
- Thread