[HTTPS-Everywhere] HTTPS-Everywhere not redirecting GETs made after page load
Yan Zhu
yan at mit.edu
Tue Aug 13 18:37:56 PDT 2013
For anyone who is curious, I looked into this some more (see below).
On Thu, Aug 1, 2013 at 3:56 PM, Claudio Moretti <flyingstar16 at gmail.com>wrote:
> Hi everyone,
>
> I don't know if it's a compatibility issue with one of my addons or
> something else, but here's what's happening to me:
>
> I'm trying to load 9GAG and while the main page loads, the subsequent AJAX
> calls are not.
>
>
I looked at the AJAX calls in Firebug today with HTTPS Everywhere on and
found that they load except for the ones to 9gag.com URLs. When I disable
the 9gag.com rule, all Ajax calls load.
When the 9gag.com rule is enabled, it gets marked as "moot" (dark brown)
because 9gag.com redirects to HTTP. After HTTPS Everywhere tries to
redirect it 10 times without success, it adds it to a blacklist so that we
don't get stuck in an infinite redirect loop.
So it seems that while HTTPS Everywhere correctly detects the redirect loop
when loading 9gag.com, it doesn't detect redirect loops for subsequent Ajax
calls to that domain.
This may be related to the fact that we currently can't detect Javascript
redirection loops at all (
https://trac.torproject.org/projects/tor/ticket/4286).
If so, I think the only solution is to turn off the 9gag rule by default
til we fix that ticket. :/
-Yan
> I believe this is happening because, for some reason, this particular
> website is trying to load HTTP resources even when browsed over HTTPS.
> Meaning that when I checked with Firebug, I found out my browser was trying
> to load
>
> *http*://platform.twitter.com/widgets.js
>
> along with some others (screenshot:
> http://img27.imageshack.us/img27/7821/noyp.png)
>
>
Any advice? for now my only option is to disable HTTPS-Everywhere, because
> disabling the rules only doesn't seem to work (and, moreover, I'm disabling
> too many common APIs for my taste - Google mostly - so it's faster if I
> disable HTTPS-E)
>
> Thanks,
>
> Claudio
>
> _______________________________________________
> HTTPS-everywhere mailing list
> HTTPS-everywhere at mail1.eff.org
> https://mail1.eff.org/mailman/listinfo/https-everywhere
>
--
Yan Zhu
http://web.mit.edu/zyan/www/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.eff.org/pipermail/https-everywhere/attachments/20130813/b1cc9ea0/attachment.html>
More information about the HTTPS-everywhere
mailing list