Opened 5 years ago
Last modified 2 years ago
#13832 new defect
HTTPS Everywhere breaks PayPal checkout process
Reported by: | jonlef | Owned by: | zyan |
---|---|---|---|
Priority: | High | Milestone: | |
Component: | HTTPS Everywhere/EFF-HTTPS Everywhere | Version: | |
Severity: | Normal | Keywords: | httpse-ruleset-bug |
Cc: | Actual Points: | ||
Parent ID: | Points: | ||
Reviewer: | Sponsor: |
Description
For www.robotshop.com, ordering with HTTPS Everywhere in the PayPal portion of the checkout breaks the site by rewriting https connection to secure.robotshop.com
The issue has been spotted on Firefox 33.1, Windows 7 - 64 bit.
Please, the rule (https://www.eff.org/https-everywhere/atlas/domains/robotshop.com.html) on robotshop.com should be modified to not redirect to secure.robotshop.com anymore.
Thank you
Child Tickets
Change History (4)
comment:1 Changed 5 years ago by
comment:2 Changed 5 years ago by
Hi Jacob,
Thank you for your help. The site already redirects to https in all areas exchanging user information and payment information. About using only https, I take note of the suggestion and we will review it.
Thanks again,
Jon
comment:3 Changed 5 years ago by
Thanks Jon! The pull request fixing this is at https://github.com/EFForg/https-everywhere/pull/825. It will be included in our next stable release.
As you're probably aware, we strongly believe that all sites should use HTTPS at all times, to protect not only credit card information but also web browsing activity. It's no longer a performance impact on the server side, and the performance change on the client side is negligible, or even an improvement if you use SPDY (which depends on HTTPS).
comment:4 Changed 2 years ago by
Severity: | → Normal |
---|
Set all open tickets without a severity to "Normal"
I'll work on fixing the rule, thanks for letting us know!
I notice that the site currently redirects httpS://www.robotshop.com/ to http://www.robotshop.com/. Any chance I can convince you to disable that redirect, so users who want to browse your site securely can do so?
Thanks,
Jacob