[HTTPS-E Rulesets] [PATCH] Update Stack-Exchange rules now that there's more sites available with HTTPS

Yan yan at eff.org
Fri Dec 6 12:03:41 PST 2013


Hi Lunar,

Thanks for this patch. It should be pushed to the main repo soon.

One request for people emailing patches or reporting bugs: could you
please specify which branch you're working from? Usually this is
master, but we sometimes get bug reports and patches for 3.0 (stable).

As for StackExchange, it's probably worthwhile for Tor Project to bug
the site operators about better HTTPS support. I usually do this
anyway if the site is important enough (which it is in this case) or
if the fix seems trivial.

-Yan

On 12/04/2013 08:45 AM, Lunar wrote:
> ---
> 
> Either I'm doing something wrong or these rules are hitting a bug
> in Firefox. I've never been able to prevent the “mixed content”
> sign from appearing, but I've never been able to see an HTTP request
> on the web console. I did not try with another browser.
> 
> Tor has a StackExchange group, so we are very very much interested
> in having those rules ready. Right now, the absence of a secure
> cookie and the HTTP by default setup is quite worrisome.
> 
> src/chrome/content/rules/Stack-Exchange.xml |   14 +++++++++----- 1
> file changed, 9 insertions(+), 5 deletions(-)
> 
> diff --git a/src/chrome/content/rules/Stack-Exchange.xml
> b/src/chrome/content/rules/Stack-Exchange.xml index
> a8c5d84..b4ea562 100644 ---
> a/src/chrome/content/rules/Stack-Exchange.xml +++
> b/src/chrome/content/rules/Stack-Exchange.xml @@ -3,11 +3,13 @@
> 
> - meta.serverfault.com		(cert: *.stackexchange.com; 301s to http) -
> chat.stackexchange.com	("We are Offline") +		-
> meta.*.stackexchange.com      (cert: *.stackexchange.com)
> 
> 
> Fully covered domains:
> 
> - (www.)stackoverflow.com +		- *.stackexchange.com
> 
> --> <ruleset name="Stack Exchange (partial)"> @@ -30,18 +32,18 @@ 
> <target host="www.superuser.com" />
> 
> 
> -	<rule
> from="^https?://(?:www\.)?(askubuntu|serverfault|superuser)\.com/favicon\.ico"
>
> 
+	<rule
from="^https?://(?:www\.)?(stackexchange|askubuntu|serverfault|superuser)\.com/favicon\.ico"
> +		to="https://cdn.sstatic.net/$1/img/favicon.ico" /> + +	<rule
> from="^https?://(?:\w+\.)?(\w+)\.stackexchange\.com/favicon\.ico" 
> to="https://cdn.sstatic.net/$1/img/favicon.ico" />
> 
> <rule from="^https?://(?:www\.)?blogoverflow\.com/$" 
> to="https://stackexchange.com/blogs" />
> 
> -	<rule from="^http://(meta\.|www\.)?stackexchange\.com/" +	<rule
> from="^http://(\w+\.)?stackexchange\.com/" 
> to="https://$1stackexchange.com/" />
> 
> -	<rule from="^https?://(\w+)\.stackexchange\.com/favicon\.ico" -
> to="https://cdn.sstatic.net/$1/img/favicon.ico" /> - <rule
> from="^https?://(?:(or\.)?cdn\.)?sstatic\.net/" 
> to="https://$1cdn.sstatic.net/" />
> 
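Review bot: In the added rule `from="^https?://(?:\w+\.)?(\w+)\.stackexchange\.com/favicon\.ico"`, the optional leading label means a request for `meta.<site>.stackexchange.com/favicon.ico` is rewritten to `https://cdn.sstatic.net/<site>/img/favicon.ico`, whereas the existing meta.superuser.com rule further down points at a separate `superusermeta` path. If the meta sites have their own icons, this serves the wrong one; either drop the `(?:\w+\.)?` prefix or add a dedicated rule for the meta hosts. Separately, `\w+` in this rule and in the widened `^http://(\w+\.)?stackexchange\.com/` rule does not match hyphens, and no hunk in this patch adds a `<target host>` entry, so the widened rule only fires for subdomains the ruleset already lists as targets. Please confirm a wildcard target for `*.stackexchange.com` is present.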
> @@ -54,4 +56,6 @@ <rule
> from="^https?://meta\.superuser\.com/favicon\.ico" 
> to="https://cdn.sstatic.net/superusermeta/img/favicon.ico" />
> 
> +	<securecookie host="\.stackexchange\.com$" name=".*" /> + 
> </ruleset>
> 
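Review bot: The `host="\.stackexchange\.com$"` pattern on the added `<securecookie>` line has no `^` anchor and requires a leading dot, so it skips a host-only cookie set for `stackexchange.com` itself while matching every deeper name, including `meta.*.stackexchange.com`, which the header comment in the first hunk lists with a `*.stackexchange.com` certificate note and which the `^http://(\w+\.)?stackexchange\.com/` rule does not rewrite. If the secure flag is applied to cookies for those hosts, they will no longer be sent over plain HTTP there. Consider limiting the pattern to the hosts that are actually rewritten, for example `^\.?(?:\w+\.)?stackexchange\.com$`, and check whether `name=".*"` is needed or whether naming the session cookie would be enough.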