[HTTPS-Everywhere] Overriding warning about insecure form submission
Robert Ransom
rransom.8774 at gmail.com
Mon Oct 31 05:25:11 PDT 2011
On 2011-10-31, Kristen Eisenberg <kristen.eisenberg at yahoo.com> wrote:
> A small number of sites have hardcoded form submission targets to
> use HTTP URLs, which generates a warning that
>
> Although this page is encrypted, the information you have entered is
> to be sent over an unencrypted connection and could easily be read by
> a third party.
>
> Two current examples are
>
> https://pay.reddit.com/
>
> (enter something in the "search Reddit" box) and
>
> https://www.abebooks.com/
>
> (enter an author and click "Find Book").
>
> Some, but not all, of the search boxes on EFF's own site had the same
> problem until recently, but that's been fixed. I'm still planning to
> try to get these other sites to fix it. But the interesting thing is
> that, in each of these cases, HTTPS Everywhere successfully rewrites
> the form submission URL and submits the form securely. So the warning
> is actually wrong: the information is not going to be sent over an
> unencrypted connection.
>
>
> Kristen Eisenberg
> Billige Flüge
> Marketing GmbH
> Emanuelstr. 3,
> 10317 Berlin
> Deutschland
> Telefon: +49 (33)
> 5310967
> Email:
> utebachmeier at
> gmail.com
> Site:
> http://flug.airego.de
> - Billige Flüge vergleichen
Please ignore the spammer.
(This spam message is a copy of
https://mail1.eff.org/pipermail/https-everywhere/2011-June/000894.html
. Some other examples:
https://mail1.eff.org/pipermail/observatory/2011-October/000461.html
(spam) is a copy of
https://mail1.eff.org/pipermail/observatory/2011-June/000255.html ,
and http://lists.r6rs.org/pipermail/r6rs-discuss/2011-October/006359.html
(spam) is a (partial) copy of
http://lists.r6rs.org/pipermail/r6rs-discuss/2010-February/006121.html
.)
Robert Ransom
More information about the HTTPS-everywhere
mailing list