Opened 8 years ago

Last modified 3 years ago

#6352 assigned enhancement

provide way of checking if rules are enabled from the calling web page

Reported by: federico Owned by: zyan
Priority: Medium Milestone:
Component: HTTPS Everywhere/EFF-HTTPS Everywhere Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: #4408 Points:
Reviewer: Sponsor:


I run a site ( that has problem playing embedded youtube videos if https everywhere is enabled

I would like a way of checking if https is enabled on a given url/domain, so to notify the user

this may help [0]


Child Tickets

Change History (9)

comment:1 Changed 8 years ago by zZzz

What exactly is the problem? Seems unlikely to me that it's on HTTPSEverywhere's end.
Besides, asking for HTTPSEverywhere to be changed because of what seems to be a flaw on your end is a bit bodacious, isn't it?

Looking at your site, it seems similar to Sync(h)Tube, and I believe that site functions fine with HTTPS. I suggest you look into how they handle things.

You can't possibly be suggesting you want a way for the users to be told to turn off encryption..

comment:2 Changed 8 years ago by federico

the problem has been described here [0] (the proposed solution doesn't work) and it's not on https everywhere side but on how the target website reacts to it

anyway, since https everywhere interaction is known to cause problems sometimes, adding a notification thing and letting web developers know what's going on may help track down and solve them.

FAQs suggest to disable the breaking rule [1]: I would like to do the same, being more specific


comment:3 Changed 8 years ago by zZzz

Sync(h)Tube can do it, I believe, so why can't you?
This seems to reside on YouTube(Google's) side though. It's possible that the offending rule in question can be disabled though.
In the ticket you linked to ([0]), they use HTTPS by default. Why are you unable to do this?

comment:4 Changed 8 years ago by federico

I don't know (yet, I hope).
The only thing I know for now is that the embedded player does not call my javascript callback functions as it should, and therefore I cannot ask it its state and react accordingly
Maybe (just guessing) it's because of a security restriction with my site being plain http and youtube being https

comment:5 Changed 8 years ago by zZzz

The site you linked to (, [0]) mentions the security restriction, I think.

comment:6 Changed 8 years ago by pde

Two tickets that are related to this one:

Ticket #6200 is about making it possible for the YouTube ruleset (or any other ruleset) to disable itself on some sites/pages (like that for some reason are incompatible.

Ticket #4408 is about the bug with the YouTube JS API in particular, but nobody seems to have examined it closely and proposed a patch.

comment:7 Changed 8 years ago by pde

Parent ID: #4408

comment:8 Changed 7 years ago by zyan

Owner: changed from pde to zyan
Status: newassigned

Asheesh has suggested something similar, since he would like this functionality for testing at Eventbrite as they transition to full HTTPS coverage (yay!). His proposal is for us to do reporting similar to CSP reports to a known endpoint on the parent domain.

comment:9 Changed 3 years ago by teor

Severity: Normal

Set all open tickets without a severity to "Normal"

Note: See TracTickets for help on using tickets.