Opened 7 years ago

Closed 6 years ago

#8584 closed defect (fixed)

Chrome - Apple Support site broken (mixed content)

Reported by: alphawolf Owned by: pde
Priority: Medium Milestone: HTTPSE Cr 2013.4.2x
Component: HTTPS Everywhere/EFF-HTTPS Everywhere Version: HTTPS-E chrome 2013.3.7
Severity: Keywords: httpse-ruleset-bug
Cc: MB Actual Points:
Parent ID: #6975 Points:
Reviewer: Sponsor:

Description

Example:

https://support.apple.com/kb/HT4979

Child Tickets

Change History (2)

comment:1 Changed 7 years ago by pde

Cc: MB added
Milestone: HTTPS-E Chrome 2013.4.1x

Flagging this ruleset as platform="mixedcontent" would disable HTTPS Everywhere protection for Apple.com completely on Chrome, which I think is rather drastic. I'm going to make an Apple (mixedcontent) ruleset, move the support.apple.com site in there, and have it flagged to be disabled on Chrome (and Firefox 23+). MB, this might be an appropriate approach to take for large/important sites with corners that have mixedcontent problems.

We also need someone at Apple to start working on the problem of eradicating mixed content when people land on the site via https. I'll send their security team to this ticket.

comment:2 Changed 6 years ago by pde

Resolution: fixed
Status: newclosed

I have split the Apple ruleset into the parts that cause mixed content and the parts that don't. The former can be off by default on Chrome and FF 23+.

I'm sure there are other instances of mixed content on the Apple site besides support articles though...

Note: See TracTickets for help on using tickets.