Opened 7 years ago

Closed 7 years ago

#8056 closed defect (fixed)

Infinite loop redirection after sign in eventbrite.com

Reported by: cypherpunks Owned by: pde
Priority: Medium Milestone:
Component: HTTPS Everywhere/EFF-HTTPS Everywhere Version:
Severity: Keywords: httpse-ruleset-bug
Cc: dpzaba@…, MB, webmaster@… Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Chromium 23.0.1271.97, https-every-where version: 2013.1.18

Firefox 21, https-every-where version:  3.1.3

After sign in eventbrite.com (it redirects to https://www.eventbrite.com/myevents) and both browsers show a message "infinite loop redirection" (more or less).

If I disable that extension in Chromium it works fine.

Child Tickets

Change History (3)

comment:1 Changed 7 years ago by pde

This might be a variant of #4286, or server-side code that catches an HTTP redirect loop before our code does.

In any case, I made a test account but can't reproduce this. Is it possible that Eventbrite fixed it quickly?

comment:2 Changed 7 years ago by cypherpunks

Yes, maybe it is related with #4286 (Javascript redirection)

It isn't fixed yet (when I said "sign in" I mean "log in").

steps to reproduce this:

comment:3 Changed 7 years ago by pde

Cc: MB webmaster@… added
Resolution: fixed
Status: newclosed

It looks like this is caused by the securecookie element of this ruleset. We will remove the securecookie rule, but that's a bad sign for eventbrite's security, I believe.

Note: See TracTickets for help on using tickets.