Opened 6 years ago

Closed 5 years ago

#7510 closed defect (fixed)

vk.com encrypted login fails

Reported by: Donarsson Owned by: MB
Priority: High Milestone:
Component: HTTPS Everywhere/EFF-HTTPS Everywhere Version:
Severity: Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

This occurs on the 2012.10.31 release on Chrome and was also present in at least the two previous versions.

With the VK (partial) ruleset activated, login on vk.com fails and I get the following error message:

Warning
Unable to complete encrypted authorization. This can happen if your the date and time settings are not configured correctly on your system. Please check your date & time settings and restart the browser.

This is not a problem with my time/date settings, I checked them and they are ok.

Child Tickets

Change History (7)

comment:1 Changed 5 years ago by pde

Owner: changed from pde to MB
Priority: normalmajor
Status: newassigned

comment:2 Changed 5 years ago by pde

Here's another example of a broken VK.com link:

http://m.vk.com/id87564799

(looks like a JS redirect loop in that case)

comment:3 in reply to:  2 ; Changed 5 years ago by Donarsson

Replying to pde:
The link in seems fine to me (HTTPSE 2012.10.31 on Chrome 24.0.1312.27 beta-m). Login however is still failing.

comment:4 in reply to:  3 Changed 5 years ago by pde

Hmmm yes, I can't reproduce it either now.

Replying to Donarsson:

Replying to pde:
The link in seems fine to me (HTTPSE 2012.10.31 on Chrome 24.0.1312.27 beta-m). Login however is still failing.

comment:5 Changed 5 years ago by dtauerbach

(Sign-up fails when the rule is enabled too)

comment:6 Changed 5 years ago by dtauerbach

When trying to sign up (with HTTPS E enabled):

[19:21:24.202] POST http://vk.com/join.php [HTTP/1.1 200 OK 377ms]
[19:21:24.634] GET http://vk.com/join.php?__query=join&act=school&al=-1&al_id=0&_rndVer=28245 [HTTP/1.1 200 OK 310ms]
[19:21:24.992] GET http://vk.com/join.php?__query=join&al=-1&al_id=0&_rndVer=64 [HTTP/1.1 200 OK 291ms]
[19:21:25.373] GET https://hvk.com/?role=al_frame&_origin=http://vk.com&ip_h=187515839092cac5fe [HTTP/1.1 302 Found 354ms]
[19:21:25.375] GET http://counter.yadro.ru/hit?r;s1366*768*24;uhttp%3A//vk.com/join;0.09252922008098585 [HTTP/1.1 200 OK 1079ms]
[19:21:25.377] GET https://sb.scorecardresearch.com/p?c1=2&c2=13765216&c3=&c4=http%3A//vk.com/join&c5=&c9=c15=&cv=2.0&cj=1&rn=0.49716923597375084 [HTTP/1.1 200 OK 96ms]
[19:21:25.479] GET https://sb.scorecardresearch.com/p?c1=2&c2=13765216&c3=&c4=http%3A//vk.com/join&c5=&c9=c15=&cv=2.0&cj=1&rn=0.49716923597375084 [HTTP/1.1 200 OK 99ms]
[19:21:25.708] GET https://vk.com/login.php?act=slogin&auto=1&to=&s=0 [HTTP/1.1 200 OK 331ms]
[19:21:25.994] Error: Permission denied to access property 'qlClear' @ https://vk.com/login.php?act=slogin&auto=1&to=&s=0:7

Without:

[19:34:12.771] POST http://vk.com/join.php [HTTP/1.1 200 OK 332ms]
[19:34:12.774] GET http://st0.userapi.com/images/upload_inv.gif [HTTP/1.1 200 OK 1179ms]
[19:34:13.137] GET http://vk.com/join.php?__query=join&act=school&al=-1&al_id=0&_rndVer=45308 [HTTP/1.1 200 OK 272ms]
[19:34:13.404] Error in parsing value for 'filter'. Declaration dropped. @ http://st0.userapi.com/css/al/tooltips.css?69:12
[19:34:13.404] Unknown property '-moz-box-shadow'. Declaration dropped. @ http://st0.userapi.com/css/al/tooltips.css?69:119
[19:34:13.404] Error in parsing value for 'width'. Declaration dropped. @ http://st0.userapi.com/css/al/tooltips.css?69:173
[19:34:13.405] Unknown property '-moz-border-radius'. Declaration dropped. @ http://st0.userapi.com/css/al/tooltips.css?69:407
[19:34:13.646] GET http://st0.userapi.com/images/join/school_f.gif [HTTP/1.1 200 OK 612ms]
[19:34:13.647] GET http://counter.yadro.ru/hit?rhttp%3A//vk.com/join;s1366*768*24;uhttp%3A//vk.com/join%3Fact%3Dschool;0.7846443111473903 [HTTP/1.1 200 OK 693ms]
[19:34:13.648] GET https://sb.scorecardresearch.com/p?c1=2&c2=13765216&c3=&c4=http%3A//vk.com/join%3Fact%3Dschool&c5=&c9=http%3A//vk.com/joinc15=&cv=2.0&cj=1&rn=0.635765525099055 [HTTP/1.1 200 OK 380ms]
[19:34:13.700] GET https://sb.scorecardresearch.com/p?c1=2&c2=13765216&c3=&c4=http%3A//vk.com/join%3Fact%3Dschool&c5=&c9=http%3A//vk.com/joinc15=&cv=2.0&cj=1&rn=0.635765525099055 [HTTP/1.1 200 OK 375ms]
[19:34:13.701] GET http://st0.userapi.com/images/ddtooltip.png [HTTP/1.1 200 OK 419ms]

The requests seem pretty different, and I'm not sure where the URI with "login.php" comes from. My inclination is to disable the ruleset for now, and let the ruleset author (MB) work on it.

comment:7 Changed 5 years ago by pde

Resolution: fixed
Status: assignedclosed

Dan disabled this in git, closing.

Note: See TracTickets for help on using tickets.