[HTTPS-Everywhere] Breaking Other Websites

[Daniel Lanigan]

Hi there folks,

Thanks for all of the great work. I love the Add-on. But I can't use it for
google at the moment.

I'm the lead developer for RentJungle.com and in our management interface
(which is non-public =\), we're using Google's Visualization API. I haven't
been able to get https working on the site yet, but it's on the list (there
are some issues with our CDN because we're using CNAMEs, so the certificates
don't match up).

So in short, when calling any functions on the API, which is being fetched
via https, I get a security error (can't call method on NPObject) since the
site is unencrypted and the api is https.

So, I suppose the easiest fix for this would be to not change the protocol
for scripts being called from an unencrypted site, even if the site (google)
has a ruleset, or at least have this as an extra option.

Again, I love it, and thanks. I just don't have time at the moment to update
it myself.

~ Daniel Lanigan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.eff.org/pipermail/https-everywhere/attachments/20101125/147e9840/attachment.html>