Https-everywhere: redirect loop sometimes not detected

Created on 21 Mar 2016  路  3Comments  路  Source: EFForg/https-everywhere

Ex: http://www.apple.com/apple-events/march-2016/ sends HTTPS-E into an infinite redirect loop in both Chrome and Firefox (and Brave). at least in Chrome, looks like the channel ID keeps increasing so HTTPS-E doesn't increment the redirect counter which is keyed by ID. i haven't looked into what Apple is doing to implement this annoying type of redirect.

picture diracdeltas

Most helpful comment

<script type="text/javascript">
if (true && window.location.protocol == "https:") {
window.location.href = "http:" + window.location.href.substring(window.location.protocol.length);
}
</script>

no comment

picture J0WI on 22 Mar 2016
😄5

All 3 comments

Just fixed this in Brave by adding some code to the redirect loop detection heuristic which checks if a URL returns 307 more than 5 times in 100ms. https://github.com/brave/browser-laptop/commit/9b945c5286e3d5672adfd62d6b5c09f03b305b2d#diff-a4a57e1c5be3df294e71a726d2e444cbR189

diracdeltas picture diracdeltas on 21 Mar 2016 
<script type="text/javascript">
if (true && window.location.protocol == "https:") {
window.location.href = "http:" + window.location.href.substring(window.location.protocol.length);
}
</script>

no comment

J0WI picture J0WI on 22 Mar 2016
😄5

Ugh, I didn't realize the Apple event was today. We would have done some releases. :(

diracdeltas picture diracdeltas on 22 Mar 2016
Was this page helpful?
0 / 5 - 0 ratings

Related issues

00h-i-r-a00 picture 00h-i-r-a00  路  4Comments
cschanaj picture cschanaj  路  4Comments
cschanaj picture cschanaj  路  3Comments
J0WI picture J0WI  路  4Comments
J0WI picture J0WI  路  3Comments