[HTTPS-E Rulesets] Regarding latest Disqus issue
Christopher Liu
cmliu00151 at gmail.com
Thu May 17 21:30:43 PDT 2012
To whom it may concern:
Regarding the comment posted on
https://trac.torproject.org/projects/tor/ticket/5496 by gh1234 about
Omgubuntu, I was able to reproduce the problem (using the ruleset as
it currently exists in git head), and the exclusion that worked was
http://disqus.com/next/lounge/client.html .
(There are query parameters - do not add $ at the end of this.)
My attempts to exclude the /build/next/embed.js file and other scripts
in the "next" folder were unsuccessful (hmmm, why?).
...this is not a great situation, since the exclusion is for the
disqus.com domain rather than media/mediacdn/securecdn/etc. Is there a
securecookie we could add to plug this leak?
Is this a tech evangelism bug since Disqus appears to be doing some redesigning?
I apologize that I don't have a Disqus account, nor anything in mind
worth commenting about on Omgubuntu, nor other examples of similarly
affected sites.
I am not any of the commenters on the Trac ticket.
C. Liu
P.S. Expect another lengthy email in the next few days.
More information about the HTTPS-Everywhere-Rules
mailing list