Opened 7 years ago

Closed 6 years ago

#5952 closed defect (worksforme)

[CHROME] HTTPSEverywhere breaks Basecamp ajax

Reported by: abraham Owned by: pde
Priority: Medium Milestone:
Component: HTTPS Everywhere/EFF-HTTPS Everywhere Version:
Severity: Keywords:
Cc: zyan@… Actual Points:
Parent ID: #7851 Points:
Reviewer: Sponsor:

Description

HTTPS Everywhere for Chrome causes subsequent page loads in Basecamp to fail. The first page loads fine but clicking through to a second page loaded via AJAX and it will fail. The URL changes, new content is requested from the server and the loading UI is started. A JavaScript exception gets thrown and the new content fails to render. Disable HTTPSE and Basecamp pages start loading as expected.

Error: Uncaught SyntaxError: Unexpected token , in application-4cc1453aee6fcde8e1ec921ba2fb37ec.js:31
URL: https://basecamp.com
Browser: Google Chrome 20.0.1132.11 dev
HTTPSE: 2012.5.1

Child Tickets

Change History (6)

comment:1 Changed 7 years ago by abraham

There is also no option to disable HTTPSE only on Basecamp so the only workaround I've found is to disable the extension.

comment:2 Changed 7 years ago by pde

This is a weird bug, because I don't think there are any rulesets that cover basecamp.com, either in chrome-2012.5.1 or master.

Can you see if there are any third party rulesets that might be causing the problem? If not, I'm quite mystified...

comment:3 Changed 7 years ago by abraham

In the console I'm seeing:

Applicable rules for basecamp.com: util.js:7
Got insecure cookie header: csrf-token=iSL0SU8oKMeprZl3lv...

I don't know if this is a basecamp.com rule or a cookie rule being applied to basecamp.com. There are also several entries for asset1.basecamp.com.

comment:4 Changed 7 years ago by pde

Hrm, I think that message is counter-intuitively indicating that there are /no/ applicable rules for basecamp. The code is here:

https://gitweb.torproject.org/https-everywhere.git/blob/chrome-2012.5.1:/chromium/rules.js#l171

I think that the console message you pasted indicates that results was actually an empty list, which is what we would expect. (I will fix this confusing message shortly).

comment:5 Changed 6 years ago by zyan

Cc: zyan@… added
Parent ID: #7851

This is possibly due to the fact that AJAX calls won't show up on the https everywhere menu because they're not associated with a window.

comment:6 Changed 6 years ago by zyan

Resolution: worksforme
Status: newclosed

In either case, I couldn't reproduce it after making a Basecamp account and visiting a bunch of pages.

Note: See TracTickets for help on using tickets.