Opened 7 years ago

Closed 6 years ago

#11213 closed defect (fixed)

Cannot login to reddit.com with the Tor Browser Bundle

Reported by: toruser23 Owned by: erinn
Priority: Medium Milestone:
Component: Applications/Tor bundles/installation Version:
Severity: Keywords: tbb-usability-website, needs-triage
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Attempting to login to reddit.com redirects you to the same page but does not show that you have logged in. After you attempt to login you can visit https://pay.reddit.com/ to show that you are actually logged in if you're using ssl. But all of reddit redirects back to http://www.reddit.com resulting in not ability to use your login at all since ssl is not supported for the whole site. I am not sure why this happens but it makes reddit unusable.

Tested against TBB 3.5.2.1.

Child Tickets

Change History (18)

comment:1 Changed 7 years ago by sukhbir

If it helps, here is what works:

Make sure you have the HTTPS Everywhere rule for reddit.com enabled (experimental). Then vist https://pay.reddit.com/ and then log in. That way, you won't be redirected to http://www.reddit.com and will always be on pay.reddit.com, which uses SSL. I see occasional warnings but it works 99% of the time.

comment:2 in reply to:  1 Changed 7 years ago by toruser23

Replying to sukhbir:

...

This works well thanks for the workaround. Hopefully the devs will have an idea how to fix it properly though.

comment:3 Changed 7 years ago by gk

Keywords: tbb-usability-website added; tbb reddit removed

comment:4 Changed 7 years ago by fisher

You can also do it by logging in directly at: https://ssl.reddit.com/login

Not sure this malfunction is really TBB's tho.

comment:5 in reply to:  4 Changed 7 years ago by toruser23

Replying to fisher:

You can also do it by logging in directly at: https://ssl.reddit.com/login

Not sure this malfunction is really TBB's tho.

This will not work if it ever worked cause you're redirected to the http version of reddit after signing in.

comment:6 Changed 7 years ago by toruser23

New steps to login to reddit on TBB 3.5.4 and HTTPS-Everywhere 3.5:

  1. Disable the Reddit (via pay.reddit.com) rule
  2. Go to https://pay.reddit.com/login and login
  3. Renable the Reddit (via pay.reddit.com) rule
  4. Go to your subreddit/front

Trying to login with the 'Reddit (via pay.reddit.com) rule' as of HTTPS-Everywhere 3.5 will result in the following error message: an error occurred (status: 0)

Happy redditing.

comment:7 Changed 7 years ago by gk

Component: Tor bundles/installationEFF-HTTPS Everywhere
Owner: changed from erinn to pde

Looks like an HTTPS-Everywhere issue...

comment:8 in reply to:  7 ; Changed 7 years ago by toruser23

Replying to gk:

Looks like an HTTPS-Everywhere issue...

Unfortuantly this isn't just a HTTPS Everywhere issue. For example if I disable HTTPS Everywhere I still have to go to https://pay.reddit.com/ to see that I am actually logged in as soon as I go back to http://www.reddit.com/ it shows me the login and password dialog again as if I haven't logged in at all. This is all with HTTPS Everywhere disabled.

I can only guess it might be some sort of mixed content issue because Reddit uses a https login embedded in a http page. Only the login appears to be ssl and the rest of the page is plain http.

Last edited 7 years ago by toruser23 (previous) (diff)

comment:9 in reply to:  8 ; Changed 7 years ago by gk

Replying to toruser23:

Replying to gk:

Looks like an HTTPS-Everywhere issue...

Unfortuantly this isn't just a HTTPS Everywhere issue. For example if I disable HTTPS Everywhere I still have to go to https://pay.reddit.com/ to see that I am actually logged in as soon as I go back to http://www.reddit.com/ it shows me the login and password dialog again as if I haven't logged in at all. This is all with HTTPS Everywhere disabled.

I can only guess it might be some sort of mixed content issue because Reddit uses a https login embedded in a http page. Only the login appears to be ssl and the rest of the page is plain http.

Okay, interesting. Does it work with a vanilla Firefox ESR 24?

comment:10 Changed 7 years ago by gk

Component: EFF-HTTPS EverywhereTor bundles/installation
Owner: changed from pde to erinn

If it's not an HTTPS-E issue let's move it back...

comment:11 in reply to:  9 Changed 7 years ago by toruser23

Replying to gk:

Replying to toruser23:
Okay, interesting. Does it work with a vanilla Firefox ESR 24?

I have tested with Firefox 24.4.0 ESR and it worked fine so this is a Tor Browser Bundle issue.

comment:12 Changed 7 years ago by toruser23

This bug is still present in TBB 3.6.

comment:13 Changed 6 years ago by fisher

The bug is still present in TBB 3.6.2 (windows).

It's possible to login using https://pay.reddit.com and then reloading the page.

Also, private messaging breaks very easily (a redirect problem happens). The solution is grabbing the http URL (when possible)and prepend the 'https://'

I'll try and look into this issue more closely over the next days; considering reddit nowadays is such an important place to read unbiased news and share opinion freely, I think it deserves some effort - besides, we're denying common users who lack knowledge the possibility to use the site.

comment:14 in reply to:  1 Changed 6 years ago by dt

Replying to sukhbir:

If it helps, here is what works:

Make sure you have the HTTPS Everywhere rule for reddit.com enabled (experimental). Then vist https://pay.reddit.com/ and then log in. That way, you won't be redirected to http://www.reddit.com and will always be on pay.reddit.com, which uses SSL. I see occasional warnings but it works 99% of the time.

I tried this but it worked for a day or so and soon started behaving like the earlier. Is it because one time I logged in through ​https://pay.reddit.com and another time from regular www.reddit.com.

comment:15 Changed 6 years ago by erinn

Keywords: needs-triage added

comment:16 Changed 6 years ago by dcf

Status: newneeds_review

I'm guessing this might be fixed?
https://gitweb.torproject.org/https-everywhere.git/commitdiff/6d7829b69d9b27db4901b0713a4e99b5de2efe39
The HTTPS Everywhere rule no longer uses pay.reddit.com.

comment:17 in reply to:  16 Changed 6 years ago by toruser23

Replying to dcf:

I'm guessing this might be fixed?
https://gitweb.torproject.org/https-everywhere.git/commitdiff/6d7829b69d9b27db4901b0713a4e99b5de2efe39
The HTTPS Everywhere rule no longer uses pay.reddit.com.

Does seem to be fixed in TBB 4.0 HTTPS Everywhere 4.0.2.

comment:18 Changed 6 years ago by gk

Resolution: fixed
Status: needs_reviewclosed

Closing then.

Note: See TracTickets for help on using tickets.