Re: [HTTPS-Everywhere] Help with creating a rule to work around an issue with Jira

2014-01-14 Thread Drake, Brian
I wasted lots of time on this issue too (but on a different site). As far as Firefox is concerned, an insecure request is an insecure request; it doesn’t care if HSTS rewrites it [1], and presumably, it doesn’t care if HTTPS Everywhere rewrites it either. Can someone more familiar with how HTTPS E

Re: [HTTPS-Everywhere] Help with creating a rule to work around an issue with Jira

2014-01-14 Thread Drake, Brian
Actually, you should probably forget what I said about platform=mixedcontent. HTTPS Everywhere supports other browsers too, and I don’t know how they behave. Once again, I hope someone who understands this software better can help us. -- Brian Drake All content created by me: Copyright

Re: [HTTPS-Everywhere] Help with creating a rule to work around an issue with Jira

2014-01-14 Thread Jacob Hoffman-Andrews
Brian, you are correct: Currently in both Chrome and Firefox, neither HSTS nor HTTPS Everywhere can "fix up" active mixed content. The blocking happens before either mechanism has a chance to rewrite the URLs. Here are the relevant tickets to allow HTTPS Everywhere to do the rewrite, please st

Re: [HTTPS-Everywhere] Ruleset Name Character Encoding

2014-01-14 Thread Drake, Brian
Someone else got there first: https://github.com/EFForg/https-everywhere/issues/76 -- Brian Drake All content created by me: Copyright© 2014 Brian Drake. All rights reserved. On Tue, Jan 14, 2014 at 0619 (UTC), Drake, Brian wrote: >

Re: [HTTPS-Everywhere] Mixed Content Blocker

2014-01-14 Thread Drake, Brian
Firstly, the same issue would occur with mixed display content, if blocking of mixed display content was turned on, right? So the issue here is simply that, to the extent that the mixed content blocker blocks _any_ requests, it does so before the requests are processed by HSTS or extensions. The

[HTTPS-Everywhere] Automatic Rule Creation-how about it?

2014-01-14 Thread Numismatika
I like the idea of https://github.com/kevinjacobs/HTTPS-Finder/ by kevinjacobs. It detects if an http site can also be accessed over httpS and creates a rule for that. I think this is a feature that HTTPS-Everywhere should offer by default. That might also increase contributions if people would get

Re: [HTTPS-Everywhere] Mixed Content Blocker

2014-01-14 Thread Jacob Hoffman-Andrews
On 01/14/2014 06:52 AM, Drake, Brian wrote: > The first thing to do is to get some decent documentation on how things > work now You're right, we do need better documentation. Right now the only mention on the HTTPS Everywhere site is a blurb about the Chrome beta, from before Firefox implemented