[HTTPS-E Rulesets] [PATCH] Update Stack-Exchange rules now that there's more sites available with HTTPS

Lunar lunar at torproject.org
Wed Dec 4 08:45:08 PST 2013 

---

Either I'm doing something wrong or these rules are hitting a bug in
Firefox. I've never been able to prevent the “mixed content” signed to
appear, but I've never been able to see an HTTP request on the web
console. I did not try with another browser.

Tor has a StackExchange group, so we are very very much interested in
having those rules ready. Right now, the absence of a secure cookie and
the HTTP by default setup is quite worrisome.

 src/chrome/content/rules/Stack-Exchange.xml |   14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/src/chrome/content/rules/Stack-Exchange.xml b/src/chrome/content/rules/Stack-Exchange.xml
index a8c5d84..b4ea562 100644
--- a/src/chrome/content/rules/Stack-Exchange.xml
+++ b/src/chrome/content/rules/Stack-Exchange.xml
@@ -3,11 +3,13 @@
 
 		- meta.serverfault.com		(cert: *.stackexchange.com; 301s to http)
 		- chat.stackexchange.com	("We are Offline")
+		- meta.*.stackexchange.com      (cert: *.stackexchange.com)
 
 
 	Fully covered domains:
 
 		- (www.)stackoverflow.com
+		- *.stackexchange.com
 
 -->
 <ruleset name="Stack Exchange (partial)">
@@ -30,18 +32,18 @@
 	<target host="www.superuser.com" />
 
 
-	<rule from="^https?://(?:www\.)?(askubuntu|serverfault|superuser)\.com/favicon\.ico"
+	<rule from="^https?://(?:www\.)?(stackexchange|askubuntu|serverfault|superuser)\.com/favicon\.ico"
+		to="https://cdn.sstatic.net/$1/img/favicon.ico" />
+
+	<rule from="^https?://(?:\w+\.)?(\w+)\.stackexchange\.com/favicon\.ico"
 		to="https://cdn.sstatic.net/$1/img/favicon.ico" />
 
 	<rule from="^https?://(?:www\.)?blogoverflow\.com/$"
 		to="https://stackexchange.com/blogs" />
 
-	<rule from="^http://(meta\.|www\.)?stackexchange\.com/"
+	<rule from="^http://(\w+\.)?stackexchange\.com/"
 		to="https://$1stackexchange.com/" />
 
-	<rule from="^https?://(\w+)\.stackexchange\.com/favicon\.ico"
-		to="https://cdn.sstatic.net/$1/img/favicon.ico" />
-
 	<rule from="^https?://(?:(or\.)?cdn\.)?sstatic\.net/"
 		to="https://$1cdn.sstatic.net/" />
 
@@ -54,4 +56,6 @@
 	<rule from="^https?://meta\.superuser\.com/favicon\.ico"
 		to="https://cdn.sstatic.net/superusermeta/img/favicon.ico" />
 
+	<securecookie host="\.stackexchange\.com$" name=".*" />
+
 </ruleset>
-- 
1.7.10.4
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <https://lists.eff.org/pipermail/https-everywhere-rules/attachments/20131204/38375b35/attachment.sig>

More information about the HTTPS-Everywhere-Rules mailing list