Opened 4 years ago

Last modified 12 days ago

#11617 reopened defect

HTTPS-E v3.5.3 breaks Sape blog/forum login

Reported by: Ache Owned by: pde
Priority: Medium Milestone: HTTPS-E 3.5
Component: HTTPS Everywhere/EFF-HTTPS Everywhere Version:
Severity: Normal Keywords: httpse-ruleset-bug
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

v3.5.1 accepts user/pass for Sape blog and forum, but then happens nothing after redirect, i.e. user is not logged in. Looking into Sape.xml I found:
<!--

Nonfunctional subdomains:

  • blog
  • forum

-->
Well, this is true.
...

<securecookie host=".*\.sape\.ru$" name=".+" />

And I think this one line breaks logins because blog.sape.ru and forum.sape.ru are not excluded from secure cookie and have normal cookie in fact.

Child Tickets

Change History (5)

comment:1 Changed 4 years ago by Ache

Keywords: httpse-ruleset-bug added

comment:2 Changed 4 years ago by Ache

Summary: HTTPS-E v3.5.1 breaks Sape blog/forum loginHTTPS-E v3.5.1 breaks Sape blog/forum login (FF 29)

comment:3 Changed 3 years ago by Ache

Resolution: fixed
Status: newclosed

Seems to be fixed in 3.5.3

comment:4 Changed 3 years ago by Ache

Resolution: fixed
Status: closedreopened
Summary: HTTPS-E v3.5.1 breaks Sape blog/forum login (FF 29)HTTPS-E v3.5.3 breaks Sape blog/forum login

Oops, really not fixed in 3.5.3, reopen

comment:5 Changed 12 days ago by teor

Severity: Normal

Set all open tickets without a severity to "Normal"

Note: See TracTickets for help on using tickets.