[HTTPS-E Rulesets] Pinterest: possible issue with stylesheets
Christopher Liu
cmliu00151 at gmail.com
Thu Aug 1 12:10:12 PDT 2013
To whom it may concern:
developers.pinterest.com uses a stylesheet from
http://passets-ak.pinterest.com/webapp/app/desktop/bundle.da99a7cd.css
or http://passets-ec.pinterest.com/webapp/app/desktop/bundle.74f12d61.css
(the CDN in use changes sometimes; the passets-ak subdomain isn't
covered yet, but it appears identical to the other passets
subdomains).
The problem is that rewriting these to Akamai causes some relative
paths in the stylesheet to behave wrongly (i.e., be interpreted
relative to the root of a248.e.akamai.net), resulting in at least a
missing image.
It is possible that stylesheets elsewhere within Pinterest could be
similarly affected, though I'm not aware of any specifically.
It looks like this can be solved by rewriting the passets stuff to
s-passets-ec.pinimg.com instead.
Also, the pinterest.com homepage seems to have started enforcing https
recently, so let's try removing the homepage from the exclusions. (I'm
still not a registered user, though)
Finally, there should probably be a trivial rewrite for en.help.pinterest.com .
(This message doesn't strictly apply to 3.x due to the Pinterest
ruleset being disabled there.)
C. Liu
More information about the HTTPS-Everywhere-Rules
mailing list