Opened 6 years ago

Last modified 18 months ago

#8375 new defect

HTTPS Everywhere for Chrome breaks redirects when authentication is required

Reported by: cypherpunks Owned by: pde
Priority: Medium Milestone:
Component: HTTPS Everywhere/HTTPS Everywhere: Chrome Version: HTTPS-E chrome 2013.1.18
Severity: Normal Keywords:
Cc: jnylen@… Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

I'm having a strange issue with HTTPS Everywhere.  It breaks server redirects over HTTPS on my site when authentication is also required.  It may also be related that I'm using a self-signed cert.

An example: https://nylen.tv/test should redirect to https://nylen.tv/test/ but it doesn't.  The server is sending the Location header properly, but Chrome does not follow it and shows the 301 page instead.   (The username for that URL is test and the password is testing).

What is even more strange is that if you refresh the page, the redirect happens like it's supposed to.

Child Tickets

Change History (4)

comment:1 Changed 6 years ago by mjb

FWIW, I can replicate this bug on my own server, which is using a non-self-signed certificate: https://skew.org/tmp/privatetest (u: test, p: testing)

I am using the 2013.6.4 version of HTTPS Everywhere in Chrome 27.0.1453.116 m on Win7 (64-bit).

comment:2 Changed 6 years ago by zyan

This is weird since there isn't an https everywhere rule for either of those servers. It is totally replicable for me on Chrome, but doesn't happen in FF (23).

comment:3 Changed 6 years ago by cypherpunks

This is a showstopper for me. I think HTTPS Everywhere is a great idea, and I'd use it if this issue were fixed.

Instead I'm using KB SSL Enforcer, which is decent, but it relies on auto-detection, which doesn't always work very well.

comment:4 Changed 18 months ago by teor

Severity: Normal

Set all open tickets without a severity to "Normal"

Note: See TracTickets for help on using tickets.