[HTTPS-Everywhere] Help with creating a rule to work around an issue with Jira
Drake, Brian
brian at drakefamily.tk
Tue Jan 14 00:55:07 PST 2014
I wasted lots of time on this issue too (but on a different site).
As far as Firefox is concerned, an insecure request is an insecure request;
it doesn’t care if HSTS rewrites it [1], and presumably, it doesn’t care if
HTTPS Everywhere rewrites it either. Can someone more familiar with how
HTTPS Everywhere works internally confirm this?
I guess you’re supposed to use platform=mixedcontent here.
[1]
https://blog.mozilla.org/tanvi/2013/04/10/mixed-content-blocking-enabled-in-firefox-23/(appendix,
section 4: “Relying on HSTS to prevent Mixed Content”)
--
Brian Drake
All content created by me:
Copyright<http://www.wipo.int/treaties/en/ip/berne/trtdocs_wo001.html>©
2014 Brian Drake. All rights reserved.
On Fri, Jan 3, 2014 at 0054 (UTC), James Cox <james at cox.cx> wrote:
> Hi All,
>
> I'm trying to write a rule to fix a problem I have with a page that
> has "mixed active content". I can see in Firefox Console the URL that
> is being blocked, but when I try to make a simple ruleset to match
> this URL it doesn't seem to be running.
>
> Here's a screenshot of what I'm seeing in the Firefox Console:
> http://i.imgur.com/DuwLO2X.jpg
>
> And here's my rule file:
> <ruleset name="Conducive">
> <target host="apps.conducive.com.au" />
> <rule from="^http://apps\.conducive\
> .com\.au:443"
> to="https://apps.conducive.com.au:443"/>
> </ruleset>
>
> Any hints would be greatly appreciated.
> Thanks,
> James
> [snip] <https://lists.eff.org/mailman/listinfo/https-everywhere>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.eff.org/pipermail/https-everywhere/attachments/20140114/98e9992d/attachment-0001.html>
More information about the HTTPS-Everywhere
mailing list