[HTTPS-Everywhere] wrong FAQ "Q. Why use a whitelist of sites that support HTTPS?"
Seth David Schoen
schoen at eff.org
Thu Aug 29 10:12:18 PDT 2013
Claudio Moretti writes:
> store.linksys.com should redirect to HTTPS, with the exclusion of
> "/(?!\w+\.css$|css/|imagecache/|images/|moduleimages/)".
>
> But as you can see in
>
> http://img10.imageshack.us/img10/2369/wngt.png
>
> that rule is active, but the store is loaded over HTTP :/
>
> I have no idea what's happening. Help?
If a site sends a redirect that explicitly contradicts a rewrite rule,
HTTPS Everywhere will honor the redirect from the site in order to avoid
a redirect loop.
That is, if we have a rule that rewrites http://www.example.com/ →
https://www.example.com/, and we load the latter page but the site
replies with a redirect sending us back to http://www.example.com/, we
will just accept that and give up, in order to avoid constantly bouncing
back and forth between the two URLs. This is probably what's happened in
this store.linksys.com case.
You can confirm this by looking at the Javascript error console or the text
output of Firefox, if you start Firefox from the command line.
--
Seth Schoen <schoen at eff.org>
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation https://www.eff.org/join
815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107
More information about the HTTPS-everywhere
mailing list