[HTTPS-E Rulesets] bug in the wikipedia rule
Greg Lindahl
greg at blekko.com
Mon May 6 12:01:25 PDT 2013
Hm, looks like "www.en" was fixed a while ago.
However, it appears to me that mobile sites like en.m.wikipedia.org
are not transformed by the current rule -- but
https://en.m.wikipedia.org/ works fine. The domains in the cert ought
to be a good starting point for what will work.
-- greg
On Sat, May 04, 2013 at 08:35:49PM -0700, Greg Lindahl wrote:
> <rule from="^http://([^@:/]+\.)?wik(ipedia|inews|isource|ibooks|iquote|iversity|tionary|imedia|idata)\.org/" to="https://$1wik$2.org/"/>
>
> Now consider this url
>
> http://www.en.wikipedia.org/wiki/Guy_Gavriel_Kay
>
> which is a redir to
>
> http://en.wikipedia.org/wiki/Guy_Gavriel_Kay
>
> The above rule matches www.en as $1, and generates
> https://www.en.wikipedia.org/...
>
> Firefox throws a security error for https://www.en.wikipedia.org and
> tells me I'm not matching the cert. The cert is good for:
>
> *.wikipedia.org , wikipedia.org , m.wikipedia.org ,
> *.m.wikipedia.org , wikibooks.org , m.wikibooks.org , *.wikibooks.org ,
> *.m.wikibooks.org , wikidata.org , m.wikidata.org , *.wikidata.org ,
> *.m.wikidata.org , wikimedia.org , m.wikimedia.org , *.wikimedia.org ,
> *.m.wikimedia.org , wikimediafoundation.org ,
> m.wikimediafoundation.org , *.wikimediafoundation.org ,
> *.m.wikimediafoundation.org , wikinews.org , m.wikinews.org ,
> *.wikinews.org , *.m.wikinews.org , wikiquote.org , m.wikiquote.org ,
> *.wikiquote.org , *.m.wikiquote.org , wikisource.org ,
> m.wikisource.org , *.wikisource.org , *.m.wikisource.org ,
> wikiversity.org , m.wikiversity.org , *.wikiversity.org ,
> *.m.wikiversity.org , wikivoyage.org , m.wikivoyage.org ,
> *.wikivoyage.org , *.m.wikivoyage.org , wiktionary.org ,
> m.wiktionary.org , *.wiktionary.org , *.m.wiktionary.org ,
> mediawiki.org , *.mediawiki.org , m.mediawiki.org , *.m.mediawiki.org
>
> I've never known what * means in this context, but presumably Firefox
> is correct that * doesn't allow periods. So *.wikipedia.org does
> not match www.en.wikipedia.org.
>
> I suspect that this won't be tripped on very often, but pity the user
> who does! Given the cert, this rule ought to be correct:
>
> <rule from="^http://([^@:/.]+\.)?wik(ipedia|inews|isource|ibooks|iquote|iversity|tionary|imedia|idata)\.org/" to="https://$1wik$2.org/"/>
> <rule from="^http://([^@:/.]+\.m\.)?wik(ipedia|inews|isource|ibooks|iquote|iversity|tionary|imedia|idata)\.org/" to="https://$1wik$2.org/"/>
>
> Basically, don't allow period in the set, and add m as a domain that's
> allow to go deeper.
>
> -- greg
>
>
More information about the HTTPS-Everywhere-Rules
mailing list