[HTTPS-E Rulesets] I think I broke Disqus (and a few other comments)

[Christopher Liu]

To whom it may concern:

I'm guessing that a new release is coming soon because of this
security bug: https://trac.torproject.org/projects/tor/ticket/5477 ,
so sorry if my haste is making waste ...

It looks like the Disqus ruleset is in danger of being disabled
because of https://trac.torproject.org/projects/tor/ticket/5496 .
Before you do that, can you try reverting the last thing I submitted,
which was the mediacdn -> securecdn redirect? This would leave the
ruleset to apply only for the disqus.com domain.
I am aware that the offending change is in 3.0development.1 but not in
2.0.1. Can you check that the original reporter of the bug is using a
development build?
Also, is there a possibility that the behavior might differ between
Firefox and Chrome? (I have always used Firefox.)
I'm sorry for not testing this thoroughly - I have never actually used
Disqus to post comments, and accordingly I do not have a Disqus
account.
A longer-term solution may include either of the following: (1) Split
the offending part to a separate ruleset which is default_off; (2)
consider limiting the offending rule to certain paths or file types.

Other unrelated issues:
I can reproduce the Malwarebytes breakage reported at
https://trac.torproject.org/projects/tor/ticket/5509
Screen It! Movie Reviews is broken due to an expired certificate.
I remember seeing an expired cert on Freedombox Foundation, but I've
been too busy to check in the last couple days.

As usual, thank you for your time and help.

C. Liu