HTTPS Everywhere breaks PayPal checkout process

[jonlef]

For www.robotshop.com, ordering with HTTPS Everywhere in the PayPal portion of the checkout breaks the site by rewriting https connection to secure.robotshop.com

The issue has been spotted on Firefox 33.1, Windows 7 - 64 bit.

Please, the rule (​https://www.eff.org/https-everywhere/atlas/domains/robotshop.com.html) on robotshop.com should be modified to not redirect to secure.robotshop.com anymore.

Thank you

[jsha]

I'll work on fixing the rule, thanks for letting us know!

I notice that the site currently redirects httpS://www.robotshop.com/ to ​http://www.robotshop.com/. Any chance I can convince you to disable that redirect, so users who want to browse your site securely can do so?

Thanks,
Jacob

[jonlef]

Hi Jacob,

Thank you for your help. The site already redirects to https in all areas exchanging user information and payment information. About using only https, I take note of the suggestion and we will review it.

Thanks again,

Jon

[jsha]

Thanks Jon! The pull request fixing this is at ​https://github.com/EFForg/https-everywhere/pull/825. It will be included in our next stable release.

As you're probably aware, we strongly believe that all sites should use HTTPS at all times, to protect not only credit card information but also web browsing activity. It's no longer a performance impact on the server side, and the performance change on the client side is negligible, or even an improvement if you use SPDY (which depends on HTTPS).

[teor]

Set all open tickets without a severity to "Normal"