[HTTPS-E Rulesets] Prevent mixed mode webogram

Yan Zhu yan at eff.org
Thu Jun 5 14:29:17 PDT 2014


Hi,

Unfortunately, Firefox (and Chrome) implemented mixed content blocking
in such a way that HTTP content will get blocked even if HTTPS
Everywhere would have written it to HTTPS (!!). You can star this bug to
help get it fixed in Firefox:
https://bugzilla.mozilla.org/show_bug.cgi?id=878890.

It would be great if you could fix Webogram to serve all resources over
SSL; otherwise users who have the default mixed content settings in
Firefox/Chrome will not be able to use it over HTTPS.

It looks like your site is hosted on Github.io, so they can disable the
"Github" or "Github Pages" rule in HTTPS Everywhere to get it to work
rather than disabling the extension globally.

-Yan

On 06/02/2014 12:07 AM, Pander wrote:
> Hi all,
> 
> Webogram, an instant messenger, has troubles with Firefox's mixed mode
> of HTTP and HTTPS when HTTPS Everywhere is enabled but one chooses in
> the website to explicitly use HTTP-only.
> 
> Could someone look into this issue
>  https://github.com/zhukov/webogram/issues/237
> and see if an extra rule is needed in HTTS Everywhere in order to fix this?
> 
> At the moment, the only workaround for normal users is to disable HTTPS
> Everywhere which is undesirable.
> 
> Thanks,
> 
> Pander
> 


-- 
Yan Zhu  <yan at eff.org>, <yan at torproject.org>
Staff Technologist
Electronic Frontier Foundation                  https://www.eff.org
815 Eddy Street, San Francisco, CA  94109       +1 415 436 9333 x134

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: <https://lists.eff.org/pipermail/https-everywhere-rules/attachments/20140605/ea3edad2/attachment.sig>


More information about the HTTPS-Everywhere-Rules mailing list