Opened 7 years ago

Last modified 18 months ago

#4595 new defect

OpenID breakage (Assembla/Google,, other sites?)

Reported by: pde Owned by: pde
Priority: Medium Milestone:
Component: HTTPS Everywhere/EFF-HTTPS Everywhere Version:
Severity: Normal Keywords: httpse-ruleset-bug
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


We've had a couple of recent reports of breakage of OpenID deployments.

An unresolved one:

And a possibly worked-around one:

Child Tickets

#5306closedpdeMyOpenId rule breaks OpenId loginsHTTPS Everywhere/EFF-HTTPS Everywhere

Change History (9)

comment:1 Changed 7 years ago by pde

I speculate that there may be a problem in which OpenID implementations hash URLs, and these change when an s is added to the scheme. However this is pure speculation, I don't know much about OpenID yet.

comment:3 Changed 7 years ago by cypherpunks

Here is a specific example of new MyOpenID breakage with latest 2.0.1 release:

Go to, select login, then login using OpenID, on next screen enter a user name (make one up like or create one for yourself) & submit. You will receive a "Bad Redirect" error message at Disabling the rule allows the login to work properly again. As I said, this just broke with the latest HTTPS Everywhere update!

If you need to contact me for clarification/screenshots/whatever, you can do so at SESmith2112 /*at*/ gmail dawt com.

comment:4 Changed 7 years ago by cypherpunks

I confirm this issue.

comment:5 Changed 6 years ago by mikeperry

Keywords: httpse-ruleset-bug added

Might actually be a deeper issue than a simple ruleset change, but tagging anyway just in case.

comment:6 Changed 6 years ago by zarel

I use and sometimes as a relay to Both works with toodledo.

User should be warned somehow that they should use the HTTPS scheme when they give their OpenID username.

comment:7 Changed 6 years ago by schoen

Interesting. We probably need the fix (at a recommended-UI or specification level) to come from OpenID, then. How numerous and how independent are the deployed OpenID implementations?

I'll send a note to the OpenID Foundation and see if they can advise us about this.

comment:8 Changed 6 years ago by schoen

The OpenID Foundation asked me to post on their forum, so I posted about the problem here:

comment:9 Changed 18 months ago by teor

Severity: Normal

Set all open tickets without a severity to "Normal"

Note: See TracTickets for help on using tickets.