[HTTPS-E Rulesets] Fwd: https://adblockplus.org/en/

Artyom Gavrichenkov ximaera at gmail.com
Mon Nov 7 11:28:15 PST 2011


It's me again, sorry for being annoying,

Date: Thu, 27 Oct 2011 22:43:28 +0530
From: Vineeth Reddy <vineethreddyr at gmail.com>
To: https-everywhere at mail1.eff.org
Subject: https://adblockplus.org/en/
> https://adblockplus.org/en/ doesn't display a video cos of
> youtube being enabled in https everywhere

This is the result of the frame-src directive of an
X-Content-Security-Policy header being sent by the adblockplus.org Web
server, like this:

--- cut here ---
HTTP/1.1 200 OK
Server: nginx/1.0.8
Date: Mon, 07 Nov 2011 18:57:20 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
x-content-security-policy: allow 'self'; img-src *; frame-src http://*.youtube.com; options inline-script eval-script
X-Frame-Options: sameorigin
--- cut here ---

The page itself links to an iframe http://www.youtube.com/embed/oNvb2SjVjjI?html5=1
which is being rewritten to https://www.youtube.com/embed/oNvb2SjVjjI?html5=1
and thus doesn't match the allowed frame source http://*.youtube.com .

Probably someone (maybe even I) should tell the administrators of
adblockplus.org to tweak this HTTP header, or maybe it's possible
to rewrite it in a new version of the HTTPS Everywhere extension
(I don't quite know XUL and the Firefox API, so I may be mistaken
on this one).

| Artyom Gavrichenkov
| gpg: fa1c670e
| mailto: ximaera at gmail.com
| xmpp: ximaera at gmail.com
| skype: xima_era
| tel. no: +7 916 515 49 58
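
The mismatch described in the message above, as an added example that is not part of the original e-mail and not code from HTTPS Everywhere or Firefox: a simplified model of source matching with strict scheme comparison, run against the quoted header. The function names, the `ADJUSTED` header and the handling of scheme-less sources are assumptions made for this illustration.

```javascript
// Added illustration: simplified model of legacy CSP source matching.
// Header value copied from the response quoted in the message.
const HEADER = "allow 'self'; img-src *; frame-src http://*.youtube.com; options inline-script eval-script";

// Split a policy string into { directive: [source, ...] }.
function parsePolicy(value) {
  const policy = {};
  for (const part of value.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (name) policy[name.toLowerCase()] = sources;
  }
  return policy;
}

// Match one source expression against a URL; the scheme is compared exactly.
// Assumption of this model: a source without a scheme uses the document's scheme.
function sourceMatches(source, url, selfOrigin) {
  if (source === '*') return true;
  if (source === "'self'") return url.origin === selfOrigin;
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^\/:]+)$/i.exec(source);
  if (!m) return false;
  const [, scheme, wildcard, host] = m;
  const wanted = scheme ? scheme.toLowerCase() + ':' : new URL(selfOrigin).protocol;
  if (wanted !== url.protocol) return false;
  const h = url.hostname.toLowerCase();
  return wildcard ? h.endsWith('.' + host.toLowerCase()) : h === host.toLowerCase();
}

// Decide whether a frame URL is allowed, falling back to the "allow" default.
function frameAllowed(headerValue, frameUrl, selfOrigin) {
  const policy = parsePolicy(headerValue);
  const sources = policy['frame-src'] || policy['allow'] || [];
  const url = new URL(frameUrl);
  return sources.some((s) => sourceMatches(s, url, selfOrigin));
}

const SELF = 'https://adblockplus.org';
const original = 'http://www.youtube.com/embed/oNvb2SjVjjI?html5=1';
const rewritten = 'https://www.youtube.com/embed/oNvb2SjVjjI?html5=1';
// Hypothetical adjusted header that also lists the https origin.
const ADJUSTED = HEADER.replace('frame-src http://*.youtube.com',
  'frame-src http://*.youtube.com https://*.youtube.com');

console.log('original URL, quoted header  :', frameAllowed(HEADER, original, SELF));
console.log('rewritten URL, quoted header :', frameAllowed(HEADER, rewritten, SELF));
console.log('rewritten URL, adjusted      :', frameAllowed(ADJUSTED, rewritten, SELF));
```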
