[tor-bugs] #15490 [HTTPS Everywhere: Chrome]: Google Videos ruleset causes 404s on Google Images with HTTPS Everywhere 2015.3.23

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Mar 27 12:30:49 UTC 2015 

#15490: Google Videos ruleset causes 404s on Google Images with HTTPS Everywhere
2015.3.23
-------------------------------------------------+-------------------------
 Reporter:  cypherpunks                          |          Owner:
     Type:  defect                               |         Status:  new
 Priority:  normal                               |      Milestone:
Component:  HTTPS Everywhere: Chrome             |        Version:
 Keywords:  google images videos https           |  Actual Points:
  everywhere 404 chrome                          |         Points:
Parent ID:                                       |
-------------------------------------------------+-------------------------
 Upon visiting a Google Images search result page and middle-clicking an
 image directly, without expanding the result first, the target URL that is
 opened in a new tab appears to be rewritten to a nonexistent URL, causing
 Google to serve a 404 in response (as expected).

 This happened when disabling all browser extensions except for HTTPS
 Everywhere 2015.3.23.

 This happened when disabling all active rulesets on the page except for
 Google Videos.

 This could not be verified when enabling all active rulesets on the page
 except for Google Videos.

 I have JavaScript enabled in Chrome version 41.0.2272.101 on Linux
 (32-bit).

 The Google Videos ruleset may be obsolete, as YouTube has a distinct
 ruleset. It is possible that the only use case for it left is to have
 Google redirect users from videos.google.com/* to www.google.com/* more
 securely over HTTPS, without connecting over HTTP first. If so, a
 suggested fix would be to remove the ruleset entirely if this is already
 covered by another ruleset, given that there are so many for Google. For
 security reasons, I did not verify this possible redundancy myself.

 Quick test URL with funny picture as a bonus:

 https://encrypted.google.com/search?tbm=isch&q=%22pets+in+offices+share+your+photos+and%22+guardian

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15490>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list