[tor-bugs] #12415 [EFF-HTTPS Everywhere]: HTTPS Everywhere - redirect loops on TechnologyReview.com
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Jun 17 15:02:31 UTC 2014
#12415: HTTPS Everywhere - redirect loops on TechnologyReview.com
----------------------------------+----------------------
Reporter: brunascle | Owner: zyan
Type: defect | Status: new
Priority: normal | Milestone:
Component: EFF-HTTPS Everywhere | Version:
Keywords: httpse-ruleset-bug | Actual Points:
Parent ID: | Points:
----------------------------------+----------------------
HTTPS Everywhere causes redirect loops on TechnologyReview.com after
authentication.
The specific cause is the <securecookie> in the ruleset.
TechnologyReview.com uses two session cookies, one for HTTP and one for
HTTPS. Setting the HTTP session cookie to secure-only causes redirect
loops between the HTTPS login page and any HTTP page that requires
authentication.
Removing <securecookie> from the TechnologyReview.xml ruleset fixes it.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/12415>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list