[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #4408 [EFF-HTTPS Everywhere]: HTTPS Everywhere breaks the YouTube JS API

To: undisclosed-recipients:;
Subject: Re: [tor-bugs] #4408 [EFF-HTTPS Everywhere]: HTTPS Everywhere breaks the YouTube JS API
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Mon, 25 Mar 2013 22:31:10 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 25 Mar 2013 18:31:18 -0400
In-reply-to: <045.0adc9a8e45c88feef6496e21c140cd9b@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <045.0adc9a8e45c88feef6496e21c140cd9b@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#4408: HTTPS Everywhere breaks the YouTube JS API
----------------------------------+-----------------------------------------
 Reporter:  raylu                 |          Owner:  pde
     Type:  defect                |         Status:  new
 Priority:  normal                |      Milestone:     
Component:  EFF-HTTPS Everywhere  |        Version:     
 Keywords:  httpse-ruleset-bug    |         Parent:     
   Points:                        |   Actualpoints:     
----------------------------------+-----------------------------------------

Comment(by pde):

 ari-_-e reported some research on this via IRC.  Apparently it seems to be
 caused by Youtube's JS doing DOM introspection of a .src attribute to
 learn the URI scheme of the player iframe.  ari-_-e says that if HTTPS E
 rewrites the iframe, the DOM .src attribute still indicates "http".
 Interestingly, when images are rewritten the DOM .src attirbute is HTTPS.

 We need to investigate whether this is dependent on which API pathway the
 rewrites occurs on, and whether the #3190 patch landing in FF 20 changes
 the situation.

 ari-_-e is working on a clean/simple reproduction case for this.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4408#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: [tor-bugs] #8590 [Tor]: Clarification on the Use of Fingerprints in the MyFamily Option in the torrc Man Page
Next by Author: Re: [tor-bugs] #8590 [Tor]: Clarification on the Use of Fingerprints in the MyFamily Option in the torrc Man Page
Previous by thread: Re: [tor-bugs] #8590 [Tor]: Clarification on the Use of Fingerprints in the MyFamily Option in the torrc Man Page
Next by thread: Re: [tor-bugs] #7883 [Flashproxy]: Consider and potentially implement the integration of pyptlib in flashproxy
Index(es):
- Author
- Thread