[HTTPS-Everywhere] Stupid Perl Tricks: ssl_check2.pl
Seth David Schoen
schoen at eff.org
Wed Nov 10 18:23:18 PST 2010
Whizz Mo writes:
> Here are 80 bytes from both strings, starting at offset 1732:
> http: ref="
> http://a1.twimg.com/a/1289433550/images/twitter_57.png" rel="apple-touch-ic
> https: ref="
> https://s3.amazonaws.com/twitter_production/a/1289433550/images/twitter_57.
>
> Note that the starting byte of each listed string is 10 chars before the
> variance occurs. For sites with rotating ad banners, this may be an
> issue.
This particular discrepancy is actually an HTTP/HTTPS issue; these
hosts are both Amazon S3 but the latter is the HTTPS name for the
same resource. For this particular image -- unlike many others --
Twitter realized that it should generate the HTTPS name for the
image resource in order to avoid a mixed-content warning.
--
Seth Schoen
Senior Staff Technologist schoen at eff.org
Electronic Frontier Foundation https://www.eff.org/
454 Shotwell Street, San Francisco, CA 94110 +1 415 436 9333 x107
More information about the HTTPS-everywhere
mailing list