[HTTPS-Everywhere] Help with creating a rule to work around an issue with Jira
Drake, Brian
brian at drakefamily.tk
Tue Jan 14 00:58:54 PST 2014
Actually, you should probably forget what I said about
platform=mixedcontent. HTTPS Everywhere supports other browsers too, and I
don’t know how they behave.
Once again, I hope someone who understands this software better can help us.
--
Brian Drake
All content created by me:
Copyright<http://www.wipo.int/treaties/en/ip/berne/trtdocs_wo001.html>©
2014 Brian Drake. All rights reserved.
On Tue, Jan 14, 2014 at 0855 (UTC), Drake, Brian <brian at drakefamily.tk>wrote:
> I wasted lots of time on this issue too (but on a different site).
>
> As far as Firefox is concerned, an insecure request is an insecure
> request; it doesn’t care if HSTS rewrites it [1], and presumably, it
> doesn’t care if HTTPS Everywhere rewrites it either. Can someone more
> familiar with how HTTPS Everywhere works internally confirm this?
>
> I guess you’re supposed to use platform=mixedcontent here.
>
> [1]
> https://blog.mozilla.org/tanvi/2013/04/10/mixed-content-blocking-enabled-in-firefox-23/(appendix, section 4: “Relying on HSTS to prevent Mixed Content”)
>
> --
> Brian Drake
>
> All content created by me: Copyright<http://www.wipo.int/treaties/en/ip/berne/trtdocs_wo001.html>© 2014 Brian Drake. All rights reserved.
>
> On Fri, Jan 3, 2014 at 0054 (UTC), James Cox <james at cox.cx> wrote:
>
>> Hi All,
>>
>> I'm trying to write a rule to fix a problem I have with a page that
>> has "mixed active content". I can see in Firefox Console the URL that
>> is being blocked, but when I try to make a simple ruleset to match
>> this URL it doesn't seem to be running.
>>
>> Here's a screenshot of what I'm seeing in the Firefox Console:
>> http://i.imgur.com/DuwLO2X.jpg
>>
>> And here's my rule file:
>> <ruleset name="Conducive">
>> <target host="apps.conducive.com.au" />
>> <rule from="^http://apps\.conducive\
>> .com\.au:443"
>> to="https://apps.conducive.com.au:443"/>
>> </ruleset>
>>
>> Any hints would be greatly appreciated.
>> Thanks,
>> James
>> [snip] <https://lists.eff.org/mailman/listinfo/https-everywhere>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.eff.org/pipermail/https-everywhere/attachments/20140114/23d74154/attachment.html>
More information about the HTTPS-Everywhere
mailing list