[tor-bugs] #7454 [EFF-HTTPS Everywhere]: Active rules list doesn't indicate effects of securecookie if no URL rewrite took place
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Nov 12 07:17:37 UTC 2012
#7454: Active rules list doesn't indicate effects of securecookie if no URL
rewrite took place
----------------------------------+-----------------------------------------
Reporter: schoen | Owner: pde
Type: defect | Status: new
Priority: normal | Milestone:
Component: EFF-HTTPS Everywhere | Version:
Keywords: | Parent:
Points: | Actualpoints:
----------------------------------+-----------------------------------------
We just had a bug reported about a securecookie rule that applied to all
of MIT (including pages that don't support HTTPS at all!) and was breaking
logins.
However, the ruleset in question didn't appear in the active rules menu,
because no rewrite rule was triggered on the page in question -- only a
securecookie. This made the problem take slightly longer to debug and
made it harder for affected users to work around. The existing logic for
deciding which rules are "active" on the current pages seems to be
triggered solely by rewrite rules.
Since securecookie rules affect page rendering and can even break it,
rulesets containing them should also show up in the active rules menu when
they were applied to a resource on the current page.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7454>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list