[or-cvs] [https-everywhere/master 2/2] thanks to Chris Soghoian for pointing out that HTTPS is available here now!

schoen at torproject.org schoen at torproject.org
Thu Nov 11 20:24:27 UTC 2010


Author: Seth Schoen <schoen at eff.org>
Date: Thu, 11 Nov 2010 12:23:52 -0800
Subject: thanks to Chris Soghoian for pointing out that HTTPS is available here now!
Commit: 17c79ff60421ec03287111680d2cbbaf22d9546a

---
 src/chrome/content/rules/Live.xml |   22 +++++++++++++++++++---
 1 files changed, 19 insertions(+), 3 deletions(-)

diff --git a/src/chrome/content/rules/Live.xml b/src/chrome/content/rules/Live.xml
index 138428d..2649560 100644
--- a/src/chrome/content/rules/Live.xml
+++ b/src/chrome/content/rules/Live.xml
@@ -1,6 +1,22 @@
 <ruleset name="Live">
-  <target host="login.live.com" />
-  <target host="onecare.live.com" />
-
+  <target host="*" />
+  <!-- target host is * because Live URLs can contain multiple unpredictable
+       components, like http://snXXXw.sntXXX.mail.live.com/default.aspx
+       In the current target host syntax, a wildcard can match only one
+       hostname element, not two, and only one wildcard per target host
+       is permitted. -->
+  
+  <!-- Microsoft itself protects the login this way but we can prevent
+       against SSL stripping. -->
   <rule from="^http://(login|onecare)\.live\.com/" to="https://$1.live.com/"/>
+
+  <!-- Both of these appear to trigger two good things: (1) the user is
+       prompted to make HTTPS the default; (2) even if the user decides
+       not to, the remainder of that mail-reading session is automatically
+       HTTPS-only. -->
+  <rule from="^http://(www\.)hotmail\.com/" to="https://www.hotmail.com/"/>
+  <rule from="^http://([^@:/]+)\.([^@:/]+)\.mail.live.com/" to="https://$2.mail.live.com/"/>
+  <!-- example:
+       http://sn133w.snt133.mail.live.com/default.aspx?wa=wsignin1.0 >>>
+       https://snt133.mail.live.com/default.aspx?wa=wsignin1.0  -->
 </ruleset>
-- 
1.7.1



More information about the tor-commits mailing list