[tor-commits] [flashproxy/master] Use plain http (not https) in embed links.

dcf at torproject.org dcf at torproject.org
Wed Jun 6 05:47:28 UTC 2012 

commit 1caa8dad46cd4a803036ebc0b76f4f9e6784e196
Author: David Fifield <david at bamsoftware.com>
Date:   Tue Jun 5 22:10:18 2012 -0700

    Use plain http (not https) in embed links.
    
    Using https would be preferable, which is why I changed this to explicit
    https in 836b7a27. But I learned that Firefox doesn't allow making a
    plaintext (ws) WebSocket connection in an https page; you have to use
    wss instead, for the same reason you get mixed-content warnings.
    
    https://bugzilla.mozilla.org/show_bug.cgi?id=662692
    https://developer.mozilla.org/en/Firefox_8_for_developers#WebSockets
    https://developer.mozilla.org/en/WebSockets/Writing_WebSocket_client_applications#Security_considerations
    
    I think that we can't use wss sockets because they would require each
    client to have a CA cert.
    
    In the iframe link, I've left the protocol implicit, so it will use
    https if the page itself is https and http otherwise. This is to avoid
    using mixed content, but the badge won't work if the browser disallows
    the plaintext WebSocket.
    
    The about:config setting that controls this is
    network.websocket.allowInsecureFromHTTPS.
---
 README                      |    8 ++++----
 doc/websocket-transport.txt |    4 ++--
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/README b/README
index c00804b..71fbffe 100644
--- a/README
+++ b/README
@@ -26,7 +26,7 @@ changing pool of addresses.
 This page has a description of the project; viewing it also turns your
 computer into a flash proxy as long as the page is open.
 
-https://crypto.stanford.edu/flashproxy/
+http://crypto.stanford.edu/flashproxy/
 
 
 == Quick start for users
@@ -46,7 +46,7 @@ if you are able to configure port forwarding or receive direct
 connections from the Internet.
 
 If you don't get a connection within 30 seconds or so, make sure someone
-with Flash Player is viewing https://crypto.stanford.edu/flashproxy/.
+with Flash Player is viewing http://crypto.stanford.edu/flashproxy/.
 There aren't yet enough operational proxies that one is available all
 the time.
 
@@ -87,7 +87,7 @@ without having to do port forwarding.
 
 === Troubleshooting
 
-Make sure someone is viewing https://crypto.stanford.edu/flashproxy/, or
+Make sure someone is viewing http://crypto.stanford.edu/flashproxy/, or
 another web page with a flash proxy badge on it.
 
 Sometimes Tor can think that the bridge you reach through a proxy is
@@ -131,7 +131,7 @@ Add this line to torrc to make the relay use the external proxy:
 
 Paste in this HTML where you want the badge to appear:
 
-<iframe src="https://crypto.stanford.edu/flashproxy/embed.html" width="70px" height="23px" frameBorder="0" scrolling="no"></iframe>
+<iframe src="//crypto.stanford.edu/flashproxy/embed.html" width="70px" height="23px" frameBorder="0" scrolling="no"></iframe>
 
 
 == For developers
diff --git a/doc/websocket-transport.txt b/doc/websocket-transport.txt
index ad1eef5..cf46301 100644
--- a/doc/websocket-transport.txt
+++ b/doc/websocket-transport.txt
@@ -103,7 +103,7 @@ Examples
 
 > GET / HTTP/1.1\r\n
 > Host: 192.0.2.1:80\r\n
-> Origin: https://example.com\r\n
+> Origin: http://example.com\r\n
 > Sec-WebSocket-Version: 13\r\n
 > Sec-WebSocket-Key: mzo2xSF9N8VUxuefqO0RSw==\r\n
 > Connection: Upgrade\r\n
@@ -121,7 +121,7 @@ Examples
 
 > GET / HTTP/1.1\r\n
 > Host: 192.0.2.1:80\r\n
-> Origin: https://example.com\r\n
+> Origin: http://example.com\r\n
 > Sec-WebSocket-Version: 13\r\n
 > Sec-WebSocket-Protocol: base64\r\n
 > Sec-WebSocket-Key: k5Ybhw0XBDeBfmda1J9ooQ==\r\n

More information about the tor-commits mailing list