[HTTPS-E Rulesets] Prevent mixed mode webogram
Pander
pander at users.sourceforge.net
Mon Jun 16 08:03:38 PDT 2014
On 06/05/2014 11:29 PM, Yan Zhu wrote:
> Hi,
>
> Unfortunately, Firefox (and Chrome) implemented mixed content blocking
> in such a way that HTTP content will get blocked even if HTTPS
> Everywhere would have written it to HTTPS (!!). You can star this bug to
> help get it fixed in Firefox:
> https://bugzilla.mozilla.org/show_bug.cgi?id=878890.
>
Thanks and voted. See also other issues to vote for regarding this issue
in https://github.com/zhukov/webogram/issues/237#issuecomment-46189818
> It would be great if you could fix Webogram to serve all resources over
> SSL; otherwise users who have the default mixed content settings in
> Firefox/Chrome will not be able to use it over HTTPS.
>
> It looks like your site is hosted on Github.io, so they can disable the
> "Github" or "Github Pages" rule in HTTPS Everywhere to get it to work
> rather than disabling the extension globally.
>
> -Yan
>
> On 06/02/2014 12:07 AM, Pander wrote:
>> Hi all,
>>
>> Webogram, an instant messenger, has troubles with Firefox's mixed mode
>> of HTTP and HTTPS when HTTPS Everywhere is enabled but one chooses in
>> the website to explicitly use HTTP-only.
>>
>> Could someone look into this issue
>> https://github.com/zhukov/webogram/issues/237
>> and see if an extra rule is needed in HTTS Everywhere in order to fix this?
>>
>> At the moment, the only workaround for normal users is to disable HTTPS
>> Everywhere which is undesirable.
>>
>> Thanks,
>>
>> Pander
>>
>
>
More information about the HTTPS-Everywhere-Rules
mailing list