Opened 5 years ago

Last modified 9 days ago

#7554 new defect

"Disable HTTPS EveryWhere" icon menu action doesn't work until browser restart

Reported by: xaho Owned by: pde
Priority: Medium Milestone:
Component: HTTPS Everywhere/EFF-HTTPS Everywhere Version: HTTPS-E 4.0dev3
Severity: Normal Keywords: enable disable toolbar icon menu
Cc: public.oss@… Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Using

firefox-16.0.2-1.fc16.x86_64
HTTPS-E 3.0.4 (or 4.0dev2, same results)

Test page

http://sid.rstack.org/blog/index.php/567-chasse-au-lapin

  1. Create a fresh Firefox profile -> video OK
  2. Install HTTPS-E 3.0.4 (or 4.0dev2), restart -> video FAIL

All following actions are performed via HTTPS-E toolbar icon menu.

  1. Disable HTTPS-E "Vimeo" Ruleset -> video OK
  2. Enable HTTPS-E "Vimeo" Ruleset -> video FAIL

As expected so far: the "Vimeo" rule might need a correction for such type of embedded videos (since it says « Sorry -- There was an error encountered while loading this video. »), however this is not the issue I am reporting here :b

  1. Disable HTTPS-E as a whole -> video FAIL

This was unexpected.
Expected : video OK

  1. Restart browser (HTTPS-E still "Disabled") -> video OK.
  2. Enable HTTPS-E as a whole -> video FAIL
  3. Disable HTTPS-E "Vimeo" Ruleset -> video OK
  4. Enable HTTPS-E "Vimeo" Ruleset -> video FAIL

As expected so far again.
Then to confirm the present issue:

  1. Disable HTTPS-E as a whole -> video FAIL

This was unexpected, as previously.
Expected: video OK

So, the ruleset seems to keep being applied until browser restart, despite HTTPS-E being set to "Disabled".

NB. ticket set to trac Version "HTTPS-E 4.0dev1" since I can't find any "HTTPS-E 3.0.4" or "HTTPS-E 4.0dev2" in the list.

Child Tickets

Attachments (1)

HTTPS-E.vimeo (7.6 KB) - added by xaho 5 years ago.
More info: HttpFox captures

Download all attachments as: .zip

Change History (6)

comment:1 Changed 5 years ago by xaho

Cc: public.oss@… added

comment:2 Changed 5 years ago by xaho

Tried some more and at every step (especially "5-bis" or "10-bis"), I also cleared the following cookie/caches

Via Firefox Clear Private Data dialogue

  • Cookies
  • Cache
  • Active Logins
  • Offline website data
  • Flash cookies (cf. BetterPrivacy)

Via other addons

  • SSL Cache (cf. ClearSSLCache)
  • HTML5 store (cf. Foundstone)

All appeared clear in about:cache & cookie explorers.
Then reloading the page -> same results.

More info: Ruleset

<ruleset name="Vimeo">

<target host="vimeo.com" />
<target host="*.vimeo.com" />
<target host="*.vimeocdn.com" />

<!--

Uses crossdomain.xml from s3.amazonaws.com, which sets secure="false"

https://mail1.eff.org/pipermail/https-everywhere/2012-October/001583.html

-->

<exclusion pattern="http://a\.vimeocdn\.com/p/flash/moogaloop/" />

<rule from="http://player\.vimeo\.com/"

to="https://player.vimeo.com/" />

<!-- Secure login form -->
<rule from="http://(?:secure\.|www\.)?vimeo\.com/log_in"

to="https://secure.vimeo.com/log_in" />

<!-- a & b: Akamai -->
<rule from="https?:(?:secure-)?([ab])\.vimeocdn\.com/"

to="https://secure-$1.vimeocdn.com/" />

</ruleset>

Changed 5 years ago by xaho

Attachment: HTTPS-E.vimeo added

More info: HttpFox captures

comment:3 Changed 5 years ago by xaho

NB. See also #7569 for the rulset itself (distinct issue)

comment:4 Changed 5 years ago by xaho

Version: HTTPS-E 4.0dev1HTTPS-E 4.0dev3

Applies to HTTPS-E 3.1 and 4.0dev3 (firefox-16.0.2-1.fc16.x86_64)

comment:5 Changed 9 days ago by teor

Severity: Normal

Set all open tickets without a severity to "Normal"

Note: See TracTickets for help on using tickets.