[HTTPS-Everywhere] Issue - utm.gif firing off twice

Thu Nov 4 02:42:33 PDT 2010

On 04/11/2010 04:29, brendan.halloran at diird.vic.gov.au wrote:

> I would like to report that when https-everywhere is enabled in FF, it
> forces the Google Analytics utm.gif to be fired off twice - once to
> http://www.google-analytics.com/__utm.gif and once to
> https://ssl.google-analytics.com/__utm.gif

That shouldn't happen. HTTPS Everywhere should be intercepting requests
for http://www.google-analytics.com/__utm.gif and rewriting them to
https://ssl.google-analytics.com/__utm.gif

The HTTP request shouldn't actually take place. Are you seeing that
request take place over the wire? Or are you just using some sort of
addon which is claiming that the HTTP request is taking place?

> This is unnecessary, as Google Analytics will by default use HTTPS if the
> website's protocol is HTTPS.

What is unnecessary? If Google Analytics uses HTTPS everywhere then
HTTPS-Everywhere will not intercept it. If it uses HTTP, then
HTTPS-Everywhere will intercept the request and rewrite it to HTTPS
before it takes place...

> The rule to update is found at:
> 
> https://gitweb.torproject.org/schoen/https-everywhere.git/blob/every-last-rule:/src/chrome/content/rules/GoogleAPIs.xml
> 
> Lines 2 and 3 should be removed.

I'm not sure why? All that would do is make it so those requests aren't
rewritten from http to https?

-- 
Mike Cardwell - Perl/Java/Web/Linux/Email developer and sysadmin
PGP Key(0018461F) - 35BC AF1D 3AA2 1F84 3DC3  B0CF 70A5 F512 0018 461F
Read my tech Blog                - https://secure.grepular.com/
Follow me on Twitter             - https://twitter.com/mickeyc
Hire me - http://cardwellit.com/ - http://linkedin.com/in/mikecardwell

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: OpenPGP digital signature
URL: <http://lists.eff.org/pipermail/https-everywhere/attachments/20101104/0012a758/attachment.sig>