[HTTPS-E Rulesets] Updated rule for api.recaptcha.net
Benjamin Moody
benjamin.moody at gmail.com
Sat Apr 30 21:11:46 PDT 2011
Hi,
The current HTTPS-Everywhere rule for api.recaptcha.net (part of the
"Google APIs" rule set) is as follows:
<rule from="^http://api\.recaptcha\.net/"
to="https://api-secure.recaptcha.net/"/>
I believe this should be changed to:
<rule from="^http://api\.recaptcha\.net/"
to="https://www.google.com/recaptcha/api/"/>
api-secure.recaptcha.net has apparently been deprecated (currently
requests are redirected to the corresponding
https://www.google.com/recaptcha/api/ address.) Furthermore, the
certificate for api-secure.recaptcha.net has expired and fails OCSP.
For more information, see the announcement here:
https://groups.google.com/group/recaptcha-announce/browse_thread/thread/c1ff6844420c9e63
Benjamin Moody
More information about the HTTPS-Everywhere-Rules
mailing list