Opened 7 years ago

Closed 3 years ago

#9467 closed defect (fixed)

Imgur: unresolved redirect loops

Reported by: micahlee Owned by: pde
Priority: Medium Milestone:
Component: HTTPS Everywhere/EFF-HTTPS Everywhere Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Reported on https-everywhere-rules:

To whom it may concern:

https://gitweb.torproject.org/https-everywhere.git/commitdiff/364a9298e3c400b2702b3d04b406a84d98f6ccb2
attempted to enable coverage for all of (www.)imgur.com, but there are
still many pages redirecting to http.
It appears that the previous exclusions were never quite complete.

The homepage is the only thing that ever _stopped_ redirecting to
http, as far as I could notice. It later resumed redirecting (see
https://bugzilla.mozilla.org/show_bug.cgi?id=866986#c7 ).

These paths redirect to http:

  • random$
  • gallery/ (this includes image pages as well as a XHR made by the

homepage's infinite scroll feature)

  • a/[imageID]/embed
  • help$
  • tos$
  • removalrequest$
  • apps$

These paths don't:

  • register$
  • register/upgrade$
  • signin$
  • images/
  • include/
  • min/

Everything appears to be ok if we limit the coverage of (www.)imgur.com to:
<rule from="http://(www\.)?imgur\.com/(images|include|min|register|signin)(/|\?|$)"
to="https://$1imgur.com/$2$3"/>

There is a bit of coverage we could add, though: store.imgur.com =
imgur-store.myshopify.com

I haven't yet tested with an account.
(This message doesn't strictly apply to the 3.x stable branch, because
the Imgur ruleset is disabled there, though the exclusions are
incomplete as explained.)

  1. Liu

Child Tickets

Change History (2)

comment:1 Changed 3 years ago by teor

Severity: Normal

Set all open tickets without a severity to "Normal"

comment:2 Changed 3 years ago by cypherpunks

Resolution: fixed
Status: newclosed

imgur.com now fully supports HTTPS and Imgur.xml has been rewritten by an Imgur employee.

Note: See TracTickets for help on using tickets.