Skip to content
This repository has been archived by the owner on Nov 6, 2023. It is now read-only.

HTTPS to HTTPS 40 Rules Refactor #16924

Merged
merged 24 commits into from
Nov 1, 2018
Merged
Show file tree
Hide file tree
Changes from 22 commits
Commits
Show all changes
24 commits
Select commit Hold shift + click to select a range
795e62f
Update Aeriagames Ruleset
zoracon Sep 25, 2018
ce11c34
Merge branch 'master' of github.com:EFForg/https-everywhere into http…
zoracon Sep 26, 2018
602943a
Add test urls to Aeriagames.xml
zoracon Sep 28, 2018
476b736
Remove HTTPS to HTTPS rule
zoracon Sep 29, 2018
a982594
Remove overlapping rules and fix syntax error
zoracon Sep 29, 2018
e9bea46
Add more test URLS
zoracon Sep 29, 2018
b5f210c
Fix typo
zoracon Sep 29, 2018
fba7c6a
Merge branch 'master' of github.com:EFForg/https-everywhere into http…
zoracon Oct 1, 2018
908615c
Remove HTTPS to HTTPS redirects in BME xml files
zoracon Oct 1, 2018
2d820c6
Remove HTTPS to HTTPS rule
zoracon Oct 2, 2018
91680e1
Remove HTTPS to HTTPS redirects
zoracon Oct 4, 2018
4c2bb2d
Amend comments and clean edge cases
zoracon Oct 4, 2018
6006421
Refactoring ruleset
zoracon Oct 9, 2018
83ad1f6
Amend rulesets with faulty tests and domain hosts
zoracon Oct 18, 2018
571f048
Clean ruleset test urls
zoracon Oct 18, 2018
6484b29
Amend for tests
zoracon Oct 18, 2018
6a19228
Amend tests
zoracon Oct 18, 2018
c4e673f
Amend secure urls test
zoracon Oct 18, 2018
65c40a9
Amend typo
zoracon Oct 18, 2018
e3c69bd
Remove duplicate rulesets
zoracon Oct 18, 2018
11bf2e2
Merge branch 'master' of github.com:EFForg/https-everywhere into http…
zoracon Oct 18, 2018
0d66d47
Amend loose targets and clean comments
zoracon Oct 24, 2018
8fd6b44
Revert changes on Default off rules
zoracon Oct 31, 2018
1f6cc82
List out working targets for Aeriagames ruleset
zoracon Nov 1, 2018
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
19 changes: 0 additions & 19 deletions src/chrome/content/rules/AJC.com.xml
Original file line number Diff line number Diff line change
Expand Up @@ -12,24 +12,5 @@
<target host="store.ajc.com" />
<target host="subscribe.ajc.com" />

<!--
Rewrite rule must touch https to fix errors caused by the site adding
https to links that do not support it. When a user requests a page
on https://www.ajc.com, it often seems to add https to other ajc.com
links on that page regardless of whether or not the subdomain supports
https. This can be a problem because clicking on a https://ajc.com link
results in an invalid cert error. The rule fixes this by rewriting
https://ajc.com links (which don't support https) to https://www.ajc.com
links (which do support https).

Example:
https://www.ajc.com/news/local/woman-emory-doctors-left-camera-body-after-surgery/Ajt6yMsjByDAWJTLfkDCyM/
The Most Read sidebar on the above page (or most any other page) is
an example of behavior that necessitates the rule. https://ajc.com
links are created despite it not supporting https. Visiting that page
and clicking on one of the https://ajc.com links on the sidebar
(while the below rule is disabled) should reproduce the issue.
-->
<rule from="^https?://ajc\.com/" to="https://www.ajc.com/"/>
<rule from="^http:" to="https:" />
</ruleset>
14 changes: 0 additions & 14 deletions src/chrome/content/rules/AdultShopping.com.xml
Original file line number Diff line number Diff line change
Expand Up @@ -53,27 +53,13 @@ Fetch error: http://store.adultshopping.com/ => https://checkout.adultshopping.c
<target host="secure.adultshopping.com" />
<target host="www.adultshopping.com" />

<!-- Complications:
-->
<target host="store.adultshopping.com" />


<!-- Not secured by server:
-->
<!--securecookie host="^(?:admin|affiliates|checkout|secure|www)\.adultshopping\.com$" name="^laravel_session$" /-->

<securecookie host="^\." name="^(?:optimizely|_gat?$|_gat_)" />
<securecookie host="^\w" name=".+" />


<!-- s? for protocol-relative redirects
from affiliates & secure:
-->
<rule from="^https?://store\.adultshopping\.com/"
to="https://checkout.adultshopping.com/" />

<test url="https://store.adultshopping.com/" />

<rule from="^http:"
to="https:" />

Expand Down
41 changes: 10 additions & 31 deletions src/chrome/content/rules/Aeriagames.xml
Original file line number Diff line number Diff line change
@@ -1,37 +1,16 @@
<!--
CDN buckets:

- wildcard.aeriastatic.com.edgekey.net

- c.aeriastatic.com

- static.aeriagames.com.edgesuite.net

- s.aeriastatic.com


Problematic domains:

- s.aeriastatic.com (works, akamai)
CDN buckets

Updated CDN
- cms-content.s.aeriastatic.co
-->
<ruleset name="Aeriagames">
<target host="www.aeriagames.com" />
<target host="aeriagames.com" />
<target host="www.aeriagames.com" />
<target host="aeriagames.com" />
<target host="*.aeriastatic.com" />

<rule from="^http://(?:www\.)?aeriagames\.com/" to="https://www.aeriagames.com/"/>

<rule from="^http://c\.aeriastatic\.com/"
to="https://c.aeriastatic.com/" />

<!-- We must rewrite from https://s to c due to protocol-relative
links on www.aeriagames.com:

- https://mail1.eff.org/pipermail/https-everywhere-rules/2013-July/001650.html
- https://bugzilla.mozilla.org/show_bug.cgi?id=879072#c1
-->
<rule from="^https?://s\.aeriastatic\.com/"
to="https://c.aeriastatic.com/" />

<test url="http://cms-content.s.aeriastatic.com/82de179009b2505fcc419f60f4d98ab7/files/aurakingdom/image/F/Featured_Shinobi.jpg" />
<test url="http://c.aeriastatic.com/modules/js/AG/version1/assets/signupVerifier.css" />
<test url="http://cms-content.s.aeriastatic.com/cb69c2e1a7010ab58379cbef75909305/files/eos/image/e/episode_2.5_EOS_featured_2.jpg" />
<rule from="^http:"
to="https:" />
zoracon marked this conversation as resolved.
Show resolved Hide resolved
</ruleset>
14 changes: 5 additions & 9 deletions src/chrome/content/rules/BME.hu.xml
Original file line number Diff line number Diff line change
Expand Up @@ -11,13 +11,13 @@ Fetch error: http://uszoda.sch.bme.hu/ => https://uszoda.sch.bme.hu/: (51, "SSL:
Fetch error: http://wjsz.bme.hu/ => https://wjsz.bme.hu/: (60, 'SSL certificate problem: certificate has expired')
Fetch error: http://cubesat.bme.hu/ => https://cubesat.bme.hu/: (60, 'SSL certificate problem: certificate has expired')

This file contains a ruleset for the websites of
This file contains a ruleset for the websites of
Budapest University of Technology and science.

This is not an official list, and probably not comprehensive!

This is a university domain with many different sites and
maintainter teams. Lots of the sites are sending incomplete
This is a university domain with many different sites and
maintainter teams. Lots of the sites are sending incomplete
certificate chains. But, all the sites are using the same
intermediate certificate, so the misconfigured sites are
"just works" because the browser has the missing certs cached.
Expand All @@ -27,7 +27,7 @@ Fetch error: http://cubesat.bme.hu/ => https://cubesat.bme.hu/: (60, 'SSL certif
ruleset (see BME.hu_incomplete.xml) with the misconfigured sites.
The users can turn that on if they want.

Feel free to add or move sites to the correct list,
Feel free to add or move sites to the correct list,
but do not include them in both.

This is the list for sites with valid ssl cert chains.
Expand Down Expand Up @@ -113,7 +113,7 @@ Fetch error: http://cubesat.bme.hu/ => https://cubesat.bme.hu/: (60, 'SSL certif
<!-- Atomfizika tanszek -->
<!-- <target host="fat.bme.hu" /> -->
<target host="www.fat.bme.hu" />
<!-- Épületgépészeti tanszék -->
<!-- Épületgépészeti tanszék -->
<target host="epget.bme.hu" />
<target host="www.epget.bme.hu" />
<!-- Karman Todor kollegium -->
Expand All @@ -136,10 +136,6 @@ Fetch error: http://cubesat.bme.hu/ => https://cubesat.bme.hu/: (60, 'SSL certif
<target host="www.esn.bme.hu" />

<!-- Probably, there are many more sites in the bme.hu domain -->

<!-- Workaround https://tmit.bme.hu cert error -->
<rule from="^https?://tmit\.bme\.hu/"
to="https://www.tmit.bme.hu/"/>

<!-- Hop directly to https NEPTUN -->
<rule from="^http://(www\.)?neptun\.bme\.hu/"
Expand Down
8 changes: 2 additions & 6 deletions src/chrome/content/rules/BME.hu_incomplete.xml
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
<!--
This file contains a ruleset for the websites of
This file contains a ruleset for the websites of
Budapest University of Technology and science.

This is NOT a standalone ruleset.
Expand All @@ -12,7 +12,7 @@

<!-- Merestechnika -->
<target host="www.mit.bme.hu" />
<target host="mit.bme.hu" /> <!-- !!! -->
<target host="mit.bme.hu" />
<target host="inf.mit.bme.hu" />
<target host="svn.inf.mit.bme.hu" />
<target host="git.inf.mit.bme.hu" />
Expand All @@ -27,10 +27,6 @@
<target host="cs.bme.hu" />
<target host="www.cs.bme.hu" />

<!-- Workaround https://mit.bme.hu cert error -->
zoracon marked this conversation as resolved.
Show resolved Hide resolved
<rule from="^https?://mit\.bme\.hu/"
to="https://www.mit.bme.hu/"/>

<rule from="^http:"
to="https:"/>
</ruleset>
23 changes: 5 additions & 18 deletions src/chrome/content/rules/Blip.xml
Original file line number Diff line number Diff line change
Expand Up @@ -43,40 +43,27 @@ Fetch error: http://a.blip.tv/ => https://as.blip.tv/: (7, 'Failed to connect to

<!-- Direct rewrites:
-->
<target host="blip.tv" />
<target host="blip.tv" />
<target host="i.blip.tv" />
<target host="as.blip.tv" />
<target host="press.blip.tv" />
<target host="theblog.blip.tv" />
<target host="www.blip.tv" />

<!-- Complications:
-->
<target host="a.blip.tv" />
<target host="www.blip.tv" />
<target host="a.blip.tv" />
<target host="*.i.blip.tv" />

<test url="http://a.blip.tv/images/blank.gif" />
<test url="http://a.blip.tv/skin/smooth/images/icon-search.png" />

<test url="http://0.i.blip.tv/g?src=Therockoffice-TheRockOfficePresentsBluesTraveler559-428.jpg&amp;w=270&amp;h=152&amp;fmt=jpg" />
<test url="https://0.i.blip.tv/g?src=Therockoffice-TheRockOfficePresentsBluesTraveler559-428.jpg&amp;w=270&amp;h=152&amp;fmt=jpg" />


<!-- Not secured by server:
-->
<!-- Not secured by server: -->
<!--securecookie host="^\.blip\.tv$" name="^__qca$" /-->

<securecookie host="^(?:.*\.)?blip\.tv$" name=".+" />

<securecookie host="^(?:.*\.)?blip\.tv$" name=".+" />

<rule from="^http://a\.blip\.tv/"
to="https://as.blip.tv/" />

<!-- s? for protocol-relative links:
-->
<rule from="^https?://\d\.i\.blip\.tv/"
zoracon marked this conversation as resolved.
Show resolved Hide resolved
to="https://i.blip.tv/" />

<rule from="^http:"
to="https:" />

Expand Down
7 changes: 0 additions & 7 deletions src/chrome/content/rules/CafePress.xml
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,6 @@ Fetch error: http://server.iad.liveperson.net/ => http://server.iad.liveperson.n
<target host="cafepress.co.uk"/>
<target host="*.cafepress.co.uk"/>
<target host="*.cpcache.com"/>
<target host="server.iad.liveperson.net"/>

<rule from="^http://(?:www\.)?cafepress\.co(m|\.uk)/content/"
to="https://www.cafepress.co$1/content/"/>
Expand All @@ -32,10 +31,4 @@ Fetch error: http://server.iad.liveperson.net/ => http://server.iad.liveperson.n
<!-- Akamai bucket. Finding it would ideal. -->
<rule from="^http://content\d?\.cpcache\.com/"
to="https://content.cafepress.com/"/>

<!-- rewriting help to liveperson breaks links under "design your own"
in the footer. Fix this by rewriting back. -->
<rule from="^https://server\.iad\.liveperson\.net/make/"
to="https://www.cafepress.com/make/"/>
zoracon marked this conversation as resolved.
Show resolved Hide resolved

</ruleset>
21 changes: 0 additions & 21 deletions src/chrome/content/rules/Caltech.xml
Original file line number Diff line number Diff line change
Expand Up @@ -124,16 +124,8 @@ Fetch error: http://web.caltech.edu/ => https://web.caltech.edu/: (6, 'Could not
<target host="webmail.caltech.edu" />
<target host="www.caltech.edu" />

<!--target host="solutions.sciquest.com" /> safe? -->

<!-- Complications:
-->
<target host="imss-test-storage.ads.caltech.edu.s3.amazonaws.com" />
<target host="www-prod-storage.cloud.caltech.edu.s3.amazonaws.com" />

<target host="www.access.caltech.edu" />
<target host="blackboard.caltech.edu" />
<target host="imss-website-storage.cloud.caltech.edu" />
<target host="irsecure.caltech.edu" />
<target host="moodle.caltech.edu" />

Expand All @@ -150,19 +142,6 @@ Fetch error: http://web.caltech.edu/ => https://web.caltech.edu/: (6, 'Could not

<securecookie host=".\.caltech\.edu$" name=".+" />


zoracon marked this conversation as resolved.
Show resolved Hide resolved
<!-- Handily, this bucket forces redirect from s3.amazonaws.com/foo to foo.s3.amazonaws.com.
-->
<rule from="^https?://imss-test-storage\.ads\.caltech\.edu\.s3\.amazonaws.com/"
to="https://s3-us-west-1.amazonaws.com/imss-test-storage.ads.caltech.edu/" />

<test url="http://imss-website-storage.cloud.caltech.edu.s3-us-west-1.amazonaws.com/Training%20Guides/Cognos_GA_Query_Studio.pdf" />

<!-- Ditto.
-->
<rule from="^https?://www-prod-storage\.cloud\.caltech\.edu\.s3\.amazonaws\.com/"
to="https://s3-us-west-1.amazonaws.com/www-prod-storage.cloud.caltech.edu/" />

<rule from="^http://www\.access\.caltech\.edu/"
to="https://access.caltech.edu/" />

Expand Down
6 changes: 0 additions & 6 deletions src/chrome/content/rules/Cashback.co.uk.xml
Original file line number Diff line number Diff line change
Expand Up @@ -7,10 +7,4 @@

<rule from="^http://(secure\.|www\.)?cashback\.co\.uk/"
to="https://$1cashback.co.uk/"/>

<!-- stop site from sending us to a blank page.
site will redirect to http for us. -->
<rule from="^https://secure\.cashback\.co\.uk/$"
to="https://www.cashback.co.uk/"/>

</ruleset>
15 changes: 5 additions & 10 deletions src/chrome/content/rules/Cru.org.xml
Original file line number Diff line number Diff line change
Expand Up @@ -12,17 +12,12 @@ Fetch error: http://cru.org/ => https://cru.org/: (51, "SSL: no alternative cert

<target host="cru.org" />
<target host="*.cru.org" />

<test url="http://sites.cru.org/" />
<test url="http://stage.cru.org/" />
<test url="http://jobs.cru.org/" />

<securecookie host="^(?:www\.)?cru\.org$" name=".+" />


<rule from="^http://(www\.)?cru\.org/"
to="https://$1cru.org/" />

<!-- Protocol-relative links from www:
-->
<rule from="^https?://static\.cru\.org/"
to="https://d2kuvqjqp132ic.cloudfront.net/" />

<rule from="^http:"
to="https:" />
</ruleset>
10 changes: 0 additions & 10 deletions src/chrome/content/rules/DailyDot.xml
Original file line number Diff line number Diff line change
Expand Up @@ -41,25 +41,15 @@
<ruleset name="DailyDot.com (partial)" platform="mixedcontent">

<target host="dailydot.com" />
<target host="cdn0.dailydot.com" />
<target host="www.dailydot.com" />


<!-- Not secured by server:
-->
<securecookie host="^\.dailydot\.com$" name="^__qca$" />


<rule from="^http://dailydot\.com/"
to="https://www.dailydot.com/" />

<!-- s? for protocol-relative urls...:
-->
<rule from="^https?://cdn0\.dailydot\.com/"
to="https://dailydot.s3.amazonaws.com/" />

<test url="https://cdn0.dailydot.com/" />

<rule from="^http:"
to="https:" />

Expand Down
18 changes: 9 additions & 9 deletions src/chrome/content/rules/Epic-Systems.xml
Original file line number Diff line number Diff line change
Expand Up @@ -2,17 +2,17 @@

<target host="epic.com" />
<target host="*.epic.com" />
<test url="http://access.epic.com/" />
<test url="http://career.epic.com/" />
<test url="http://councils.epic.com/" />
<test url="http://eventregistration.epic.com/" />
<test url="http://sites.epic.com/" />
<test url="http://ugm.epic.com/" />
<test url="http://userweb.epic.com/" />

<securecookie host="^\w+\.epic\.com$" name=".+" />

<!--
Prevent https://epic.com/ from redirecting to http://www.epic.com/
-->

<rule from="^https?://epic\.com/"
to="https://www.epic.com/" />

<rule from="^http://(access|careers|councils|eventregistration|sites|ugm|userweb|www)\.epic\.com/"
to="https://$1.epic.com/" />
<rule from="^http:"
to="https:" />

</ruleset>
5 changes: 0 additions & 5 deletions src/chrome/content/rules/Epson.xml
Original file line number Diff line number Diff line change
Expand Up @@ -62,11 +62,6 @@ Fetch error: http://www.epson.com.mx/ => https://global.latin.epson.com/mx: Redi
<rule from="^http://(pos|was)\.epson\.com/"
to="https://$1.epson.com/" />

<!-- What is this doing?
It looks as though this is excluded above...
<rule from="^https://(?:www\.)?epson\.com/((?:[a-zA-Z][a-zA-Z\d]+){1})$"
to="https://www.epson.com/$1" /-->

<!-- Cert only matches global.*
Redirects as so. -->
<rule from="^http://(?:www\.)?epson\.com\.mx/"
Expand Down
Loading