[HTTPS-E Rulesets] Hungry House Rule
Chris Monteiro
c.monteiro at pirateparty.org.uk
Fri Jan 9 13:06:00 PST 2015
Hi all
I hope this is a sufficiently comprehensive rule that'll make its way into
the official rule set :)
https://hungryhouse.co.uk/
BEGIN RANT
Last month's code release for Hungryhouse they actually *removed* the
'secure sign on' option from their site which was the optional https login
page - so the only way to login to the site, a site that holds credit card
information, was to manually edit the address bar from http to https.
The site in fact fights you if you want to use https, be it invalid
certificates ( https://contact.hungryhouse.co.uk/ ) of despite the rule
mostly working, they actually 301 certain https pages back to http for
seemingly no good reason like https://hungryhouse.co.uk/ordertracking
I've contacted their customer support about this in the past without luck :(
I'm the sort of person who always checks the address bar when using a
website, the only major exception to this is when I'm tired and hungry -
and that's when I'm ordering takeaway food online! Hence the supreme
importance of this :)
END RANT
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.eff.org/pipermail/https-everywhere-rules/attachments/20150109/95d70ba0/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Hungryhouse.co.uk.xml
Type: text/xml
Size: 209 bytes
Desc: not available
URL: <https://lists.eff.org/pipermail/https-everywhere-rules/attachments/20150109/95d70ba0/attachment-0001.xml>
More information about the HTTPS-Everywhere-Rules
mailing list