[HTTPS-Everywhere] New craigslist rule
Yan Zhu
yan at mit.edu
Mon Aug 19 16:13:42 PDT 2013
Oh, it turns out we are all very confused and stuff is getting resolved in
the IRC channel.
Chris (the one who sent this patch) actually works at Craigslist, and he
and his co-workers decided to add SSL support to images.craigslist.org. But
he says blog.craigslist.org should be excluded.
pde has already refactored and merged the 4th level subdomains patch into
master.
-Yan
On Mon, Aug 19, 2013 at 3:57 PM, Yan Zhu <yan at mit.edu> wrote:
> In other Craigslist-rule-related news, I just found that
> blog.craigslist.org doesn't have a valid cert.
>
> I'll try to keep
> https://github.com/diracdeltas/https-everywhere/blob/HEAD/src/chrome/content/rules/Craigslist.org.xmlupdated with the current state of Craigslist breakage.
>
> -Yan
>
>
> On Mon, Aug 19, 2013 at 3:22 PM, Yan Zhu <yan at mit.edu> wrote:
>
>> I did email Craigslist yesterday about images.craigslist.org. It would
>> be awesome if they fixed it already!
>>
>> Micah, I think Chris's patch is useful for a different problem. Ex:
>> https://elpaso.en.craigslist.org does not have a valid cert.
>>
>> I'll email Craigslist about this other bug as well.
>>
>>
>> On Mon, Aug 19, 2013 at 3:00 PM, Micah Lee <micah at eff.org> wrote:
>>
>>> Hi Chris,
>>>
>>> I'm looking into applying your patch, but I actually can't seem to
>>> reproduce the problem. I've tried a couple different versions of Firefox
>>> and both the stable and dev version of HTTPS Everywhere, but images on
>>> Craigslist are loading fine for me:
>>>
>>> https://trac.torproject.org/projects/tor/ticket/9528#comment:3
>>>
>>> Can you tell me what setup you're using and a specific URL where images
>>> break?
>>>
>>> On 08/19/2013 01:49 PM, Christopher Mooney wrote:
>>> > I have a fix for the new craigslist rule that should exclude 4th level
>>> subdomains, since craigslist does not have wildcard certs for these
>>> domains. I sent this request to pde in IRC, but someone mentioned that he
>>> was on sabbatical and that this list was a better place to send the pull
>>> request. These 4th level domains are language specifiers, and this scheme
>>> is likely to change in the future.
>>> >
>>> > There is one more issue with craigslist not providing images over SSL,
>>> but that should be resolved soon.
>>> >
>>> > Please review this diff for accuracy, I only read the https everywhere
>>> documentation very quickly.
>>> >
>>> > Diff:
>>> > -----
>>> > https://github.com/godsflaw/https-everywhere/compare/7faa1c8...539a859
>>> >
>>> > To merge this pull request:
>>> > ---------------------------
>>> > git checkout master
>>> > git pull
>>> > git pull https://github.com/godsflaw/https-everywhere.git craigslist
>>> > git push origin master
>>> >
>>> > Cheers,
>>> > Chris
>>> >
>>> >
>>> >
>>> > _______________________________________________
>>> > HTTPS-everywhere mailing list
>>> > HTTPS-everywhere at mail1.eff.org
>>> > https://mail1.eff.org/mailman/listinfo/https-everywhere
>>> >
>>>
>>>
>>> --
>>> Micah Lee
>>> Staff Technologist
>>> Electronic Frontier Foundation
>>> https://eff.org/join
>>> @micahflee
>>>
>>>
>>> _______________________________________________
>>> HTTPS-everywhere mailing list
>>> HTTPS-everywhere at mail1.eff.org
>>> https://mail1.eff.org/mailman/listinfo/https-everywhere
>>>
>>
>>
>>
>> --
>> Yan Zhu
>> http://web.mit.edu/zyan/www/
>>
>
>
>
> --
> Yan Zhu
> http://web.mit.edu/zyan/www/
>
--
Yan Zhu
http://web.mit.edu/zyan/www/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.eff.org/pipermail/https-everywhere/attachments/20130819/539719f5/attachment.html>
More information about the HTTPS-everywhere
mailing list