Opened 7 years ago

Closed 7 years ago

#7931 closed defect (fixed)

samples.libav.org broken

Reported by: hanno Owned by: pde
Priority: Medium Milestone:
Component: HTTPS Everywhere/EFF-HTTPS Everywhere Version:
Severity: Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

This url:
http://samples.libav.org/A-codecs/tak/

gets forwarded to this:
https://samples.libav.org/A-codecs/tak/

However, that doesn't exist. Probably the rule for *.libav.org should be limited to libav.org and www.libav.org (and maybe others that work).

(P.S.: This is not the first time I see this - it seems you are too often making rules for *.domainname without checking if there are subdomains that don't support https. In doubt, I'd prefer limiting to rules that definitely work)

Child Tickets

Change History (1)

comment:1 Changed 7 years ago by pde

Resolution: fixed
Status: newclosed

I agree that rulesets written like this are dangerous. Unfortunately there's no well-defined method for enumerating subdomains out of DNS (we could try to make zone transfer requests but they're often blocked). Perhaps #7075 will help to mitigate this problem.

Anyway, here's the fix for this rule:

https://gitweb.torproject.org/https-everywhere.git/commitdiff/ca445b5ba9c2e3c658f52e41bbccc04b5d61a280

Note: See TracTickets for help on using tickets.