
Re: [tor-bugs] #8406 [EFF-HTTPS Everywhere]: Quantcast Ruleset Breaks Tumblr Login - needs Update/fixing



#8406: Quantcast Ruleset Breaks Tumblr Login - needs Update/fixing
-------------------------------------+--------------------------------------
    Reporter:  cypherpunks           |       Owner:  pde               
        Type:  defect                |      Status:  reopened          
    Priority:  normal                |   Milestone:  HTTPS-E 3.1.5     
   Component:  EFF-HTTPS Everywhere  |     Version:                    
  Resolution:                        |    Keywords:  httpse-ruleset-bug
      Parent:                        |      Points:                    
Actualpoints:                        |  
-------------------------------------+--------------------------------------
Changes (by pde):

 * cc: dtauerbach, mikeperry, jmayer@… (added)


Comment:

 This is very interesting.  Seems like Quantserve might be doing secondary
 auth here or something.  Note the screen resolution that is being sent to
 Quantcast's pixel!

 Anyway, the thing that stands out to me in the case where the ruleset is
 enabled and the login is breaking is that pixel.quantcast.com is trying to
 set a cookie three times, and it isn't being sent back to their server.
 Now, the Quantcast ruleset ''does'' have a securecookie element which can
 sometimes cause this kind of problem.  But in this case all the requests to
 Quantcast seem to be HTTPS, so I don't think that's it.

 Perhaps the cypherpunks who reported this are running some other extension
 that does cookie wrangling of some sort.  In any case, I'm going to
 disable the securecookie elements of this ruleset for 3.1.5.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8406#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs