[tor-bugs] #11617 [EFF-HTTPS Everywhere]: HTTPS-E v3.5.1 breaks Sape blog/forum login
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat Apr 26 13:54:57 UTC 2014
#11617: HTTPS-E v3.5.1 breaks Sape blog/forum login
----------------------------------+-----------------------------
Reporter: Ache | Owner: pde
Type: defect | Status: new
Priority: normal | Milestone: HTTPS-E 3.5
Component: EFF-HTTPS Everywhere | Version:
Keywords: | Actual Points:
Parent ID: | Points:
----------------------------------+-----------------------------
v3.5.1 accepts user/pass for Sape blog and forum, but then happens nothing
after redirect, i.e. user is not logged in. Looking into Sape.xml I found:
<!--
Nonfunctional subdomains:
- blog
- forum
-->
Well, this is true.
...
<securecookie host="^.*\.sape\.ru$" name=".+" />
And I think this one line breaks logins because blog.sape.ru and
forum.sape.ru are not excluded from secure cookie and have normal cookie
in fact.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/11617>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list