[HTTPS-Everywhere] Rewriting to data: instead of https: scheme (was: Re: Vimeo login issue)
Seth David Schoen
schoen at eff.org
Fri Dec 10 00:58:11 PST 2010
Dan ALEXANDRU writes:
> Hi,
>
> I've attached my attempt to force the use of the secure login form
> on Vimeo.com. The sign-in address is not advertised anywhere (but
> can be deduced based on the certificate warning when guessing it).
>
> The issue I have is that the secure form at
> https://secure.vimeo.com/log_in includes
> http://a.vimeocdn.com/images/land_cloud.png and thus does not get
> the "secure connection" badge. (See my attempt to work around this.)
> But while clicking on the cloud image shows that the extension
> replaced it with the local data: URI, Firefox still doesn't show the
> badge.
>
> Is this a bug in Firefox, or did I miss something (in the rule) ?
This is a fascinating idea. Does anybody know why it doesn't work?
--
Seth Schoen
Senior Staff Technologist schoen at eff.org
Electronic Frontier Foundation https://www.eff.org/
454 Shotwell Street, San Francisco, CA 94110 +1 415 436 9333 x107
More information about the HTTPS-everywhere
mailing list