[tor-bugs] #7135 [HTTPS Everywhere: Chrome]: https everywhere breaks bahncard.bahn.de
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Wed Oct 17 17:38:54 UTC 2012
#7135: https everywhere breaks bahncard.bahn.de
--------------------------------------+-------------------------------------
Reporter: hanno | Owner: pde
Type: defect | Status: new
Priority: normal | Milestone:
Component: HTTPS Everywhere: Chrome | Version:
Keywords: | Parent:
Points: | Actualpoints:
--------------------------------------+-------------------------------------
In the newsletters from "Deutsche Bahn" (german railway company), they use
links like this:
http://bahncard.bahn.de/cgi-bin9/DM/t/mBwo0vAbY04S0BOtj0Fy
These are only forwarding URLs.
However, https everywhere changes them to https. But this domain does not
have a valid ssl certificate configured.
It seems https everywhere redirects all subdomains *.bahn.de to https.
This works for www.bahn.de and also reiseauskunft.bahn.de (the two most
common ones probably), but it seems not for others. It should restrict the
forwarding rules to specific subdomains that definitely work with https.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7135>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list