[tor-bugs] #4408 [EFF-HTTPS Everywhere]: HTTPS Everywhere breaks the YouTube JS API
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Mar 25 22:31:10 UTC 2013
#4408: HTTPS Everywhere breaks the YouTube JS API
----------------------------------+-----------------------------------------
Reporter: raylu | Owner: pde
Type: defect | Status: new
Priority: normal | Milestone:
Component: EFF-HTTPS Everywhere | Version:
Keywords: httpse-ruleset-bug | Parent:
Points: | Actualpoints:
----------------------------------+-----------------------------------------
Comment(by pde):
ari-_-e reported some research on this via IRC. Apparently it seems to be
caused by Youtube's JS doing DOM introspection of a .src attribute to
learn the URI scheme of the player iframe. ari-_-e says that if HTTPS E
rewrites the iframe, the DOM .src attribute still indicates "http".
Interestingly, when images are rewritten the DOM .src attirbute is HTTPS.
We need to investigate whether this is dependent on which API pathway the
rewrites occurs on, and whether the #3190 patch landing in FF 20 changes
the situation.
ari-_-e is working on a clean/simple reproduction case for this.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4408#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list