Opened 6 years ago

Closed 5 years ago

#12973 closed defect (fixed)

Expedia broken

Reported by: cypherpunks Owned by: zyan
Priority: Medium Milestone: HTTPS-E 3.2.3
Component: HTTPS Everywhere/EFF-HTTPS Everywhere Version: HTTPS-E 3.4.3
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Use of Expedia.com (to search for hotels or flights, for example) breaks when HTTPS Everywhere is enabled. On my installation v3.5.3 (and many versions before) Expedia is shown as active on HTTPS dropdown with a red 'refresh' circle icon next to it. (Not sure what that icon means vs the others.) Regardless, when actions like hotel or flight search are performed the results pages break with no entries. Turning off HTTPS for Expedia.com solves the problem.
This trouble ticket applies with Firefox v31(windows).
My HTTPS-E version is 3.5.3 which isn't on ticket selection list.

REPRODUCTION:
Go to expedia.com and search, for example, on New York hotels staying next weekend. Results page will be empty. Redo search with expedia.com disabled on HTTPSE (red X icon) and it will work.

SOLUTION:
Barring Expedia.com changing anything it would appear that Expedia.com needs to be removed from the list of enabled sites by default.

Child Tickets

Change History (3)

comment:1 Changed 6 years ago by cypherpunks

I have found that: "... Clockwise Red Arrow: broken rule -- the ruleset is active but the server is redirecting at least some URLs back from HTTPS to HTTP...."

Thus the access of expedia.com is already demonstrating the existing rule has a problem. It is printed below. I do not have the necessary ability to troubleshoot or correct it. All I say is that it breaks the site and turning off fixes. Any thoughts or comments? Can anybody replicate my issue? (I reproduced on multiple machines.)
====================
<ruleset name="Expedia">

<target host="expedia.com" />
<target host="*.expedia.com" />
<target host="expedia.co.uk" />
<target host="*.expedia.co.uk" />

<securecookie host="\.expedia\.co(?:om|\.uk)$" name=".+" />

<!-- Cert only matches *.expedia.com.

-->

<rule from="https?:(?:www\.)?expedia\.com/"

to="https://www.expedia.com/" />

<rule from="http://media\.expedia\.com/"

to="https://media.expedia.com/" />

<rule from="http://(www\.)?expedia\.co\.uk/"

to="https://$1expedia.co.uk/" />

</ruleset>

Last edited 6 years ago by cypherpunks (previous) (diff)

comment:2 Changed 6 years ago by cypherpunks

"...SOLUTION: Barring Expedia.com changing anything it would appear that Expedia.com needs to be removed from the list of enabled sites by default..."

Or, of course, changes made to the ruleset.

Last edited 6 years ago by cypherpunks (previous) (diff)

comment:3 Changed 5 years ago by cypherpunks

Resolution: fixed
Severity: Normal
Status: newclosed
Note: See TracTickets for help on using tickets.