[tor-bugs] #7650 [EFF-HTTPS Everywhere]: "Asymmetric Publications (partial)" rule breaks kingdomofloathing.com
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Dec 5 23:46:10 UTC 2012
#7650: "Asymmetric Publications (partial)" rule breaks kingdomofloathing.com
----------------------------------+-----------------------------------------
Reporter: zwol | Owner: pde
Type: defect | Status: new
Priority: normal | Milestone:
Component: EFF-HTTPS Everywhere | Version:
Keywords: | Parent:
Points: | Actualpoints:
----------------------------------+-----------------------------------------
The ruleset Asymmetric-Publications.xml (aka "Asymmetric Publications
(partial)") attempts to rewrite all URLs under *.kingdomofloathing.com to
HTTPS. If you log into the site with this rule in effect, you will be
taken to https://www.kingdomofloathing.com/game.php, which force-redirects
to http://www.kingdomofloathing.com/game.php with a <meta http-
equiv="refresh"> tag in the HTML (*not* with an HTTP 3xx response code).
The ruleset will rewrite this load back to https://, placing the site into
an infinite loop.
I don't know how much of the site will refuse to be served over HTTPS. It
is possible that just blacklisting game.php would make the ruleset work;
however, it seems clearly the intention of the site admins to serve only
the login page over HTTPS (optionally), so I'd be inclined to follow suit.
I was going to inquire about the level of HTTPS support in the site's
forums but I can't log in there.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7650>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list