#7811: Options on Flashproxy html; Question?
-------------------------+--------------------------------------------------
Reporter: bastik | Owner: dcf
Type: enhancement | Status: needs_revision
Priority: normal | Milestone:
Component: Flashproxy | Version:
Keywords: | Parent:
Points: | Actualpoints:
-------------------------+--------------------------------------------------
Changes (by dcf):
* status: new => needs_revision
Comment:
> The options page links to "http ://crypto...." instead of "https:
//c..." (shouldn't matter that much, but IMO SSL is better than no SSL)
This is a good but stupid reason for this. The proxy doesn't work if the
embedding page uses https; the reason for this is that unencrypted
WebSockets are not allowed from an encrypted page. Our WebSockets are
unencrypted because the clients do not have CA certs. We use the
`src="//crypto.stanford.edu/..."` trick to avoid causing mixed-content
warnings on the enclosing page, but the proxy badge won't actually work. I
don't know if cookies set on https pages can be read by later http
connections, but if not, then the option page should be plain http.
Do you mind making a patch for the wording change you suggest?
Thank you again for your valuable input.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7811#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online