Opened 6 years ago

Closed 5 years ago

#10550 closed defect (user disappeared)

Stackexchange: Unable to login with OpenID

Reported by: bastik Owned by: pde
Priority: Medium Milestone:
Component: HTTPS Everywhere/EFF-HTTPS Everywhere Version:
Severity: Keywords: httpse-ruleset-bug
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


HTTPS-E 3.4.5 (Firefox, I can't pick the version of HTTPS-E in "version") ships with a ruleset for Stackexchange, which appears to make it impossible to lock in with Stackexchange as OpenID provider into tor.stackexchange (probably not exclusive).

I get the following message:

Unable to log in with your OpenID provider:
The openid.return_to parameter ( does not match the actual URL ([redacted email-address]&[redacted name]) the request was made with.

This is bad, you know?

Child Tickets

Change History (4)

comment:1 Changed 6 years ago by cfr

Is this related to the other problems which seemed to result from the update to 3.4.5? I reported those originally as because I had not experienced the login issue myself at that point. Now I realise I'm bitten by this too and am unclear whether these are really one bug or two?

comment:2 Changed 6 years ago by bastik

The default was:

  • Stack Exchange (partial) enabled
  • Stack Exchange (mixed content) disabled

and I can reproduce the problem with the untrusted domain, because the domain isn't covered by the certificate. gives me the warning that the connection would not be trustworthy (ssl_error_bad_cert_domain).

This is indeed related to the ruleset, but these should happen without HTTPS-Everywhere when you try to use HTTPS on those sites. For me it does, when I disable the rule for Stack Exchange and try to load "" it fails with the same error, so this is to be expected.

comment:4 Changed 5 years ago by bm

Keywords: httpse-ruleset-bug added
Resolution: user disappeared
Status: newclosed
Note: See TracTickets for help on using tickets.