Https-everywhere: Add new ruleset for Gamer Network's websites

Created on 25 Nov 2018 · 11Comments · Source: EFForg/https-everywhere

Type: new ruleset
Domain: http://nintendolife.com
Domain: http://www.pushsquare.com

good first issue new-ruleset

Source

domebacsi

Most helpful comment

@RemakingEden, redirects to HTTP means that:

https://subdomain.example.com -> http://subdomain.example.com

We can't add a rule in this case because it would create a redirect loop

https://subdomain.example.com -server-> http://subdomain.example.com -HTTPS Everywhere-> https://subdomain.example.com -server-> http://subdomain.example.com ...

In this case, https://nitendolife.com redirects to http://www.nitendolife.com (different subdomain). It's therefore a valid target for HTTPS Everywhere.

On a related note, https://www.nitendolife.com itself would be a valid target because it returns HTTP 200.

Bisaloo on 13 Feb 2019

👍3

All 11 comments

@Bisaloo @zoracon I have a slight issue with this ruleset.I have check all subdomains with http to https and they all redirect back to http. There is no way to get them to resolve as https without forcing it in the extension.

It seems that https works when logging in etc but that appears to be pre loaded hsts.

What would you recommend to do in this case?

RemakingEden on 31 Jan 2019

@Bisaloo @zoracon I have a slight issue with this ruleset.I have check all subdomains with http to https and they all redirect back to http. There is no way to get them to resolve as https without forcing it in the extension.

It seems that https works when logging in etc but that appears to be pre loaded hsts.

What would you recommend to do in this case?

Are you talking about both domains or just one of them?

zoracon on 31 Jan 2019

@Bisaloo @zoracon I have a slight issue with this ruleset.I have check all subdomains with http to https and they all redirect back to http. There is no way to get them to resolve as https without forcing it in the extension.
It seems that https works when logging in etc but that appears to be pre loaded hsts.
What would you recommend to do in this case?

Are you talking about both domains or just one of them?

I have only looked into Nintendolife in detail right now. but from a quick look it seems to be the same on pushsquare.

RemakingEden on 31 Jan 2019

@Bisaloo @zoracon I have a slight issue with this ruleset.I have check all subdomains with http to https and they all redirect back to http. There is no way to get them to resolve as https without forcing it in the extension.

If I understand correctly, there are problematic domains that aren't configured to go to HTTPS.

If that is the case, then just list in the comments above the ruleset about which ones gave issues and don't list them as valid targets.

A good example is this ruleset with problematic subdomains:
https://github.com/EFForg/https-everywhere/blob/master/src/chrome/content/rules/Acessa.xml

zoracon on 31 Jan 2019

Posted a cleaner ruleset as an example above ^

zoracon on 31 Jan 2019

@zoracon Okay thanks for the clarification. So you would create a ruleset even if it has no working domains? This is what I have so far:

> <!--
A note on this list - All of the url's on this site redirect to http unless signing in, this is automatically sent to https with preloaded hsts.

    Nonfunctional hosts in *.nintendolife.com:

    Redirects to http:
    nintendolife.com
    3ds.nintendolife.com
    3dsvc.nintendolife.com
    3dsware.nintendolife.com
    ds.nintendolife.com
    dsiware.nintendolife.com
    images.nintendolife.com
    m.nintendolife.com
    retro.nintendolife.com
    static.nintendolife.com
    vc.nintendolife.com
    wii.nintendolife.com
    wiiu.nintendolife.com
    wiiware.nintendolife.com

    Found in sublist3r but not functional:
    fs.nintendolife.com
    sp.nintendolife.com


-->
<ruleset name="Nintendolife.com">

    <rule from="^http:" to="https:" />
</ruleset>

RemakingEden on 31 Jan 2019

@RemakingEden Well, such ruleset won't pass relaxng test, and even if it did, it would effectively be a no-op.

pipboy96 on 2 Feb 2019

Well i'm afraid I need more guidence on the above if anyone can offer it. That is all I can figure out so far, unless there is another way to build rulesets. Please let me know if there is any documentation on this or we could close this request?

RemakingEden on 13 Feb 2019

Is there any currently functioning subdomain of nintendolife.com?

pipboy96 on 13 Feb 2019

@RemakingEden, redirects to HTTP means that:

https://subdomain.example.com -> http://subdomain.example.com

We can't add a rule in this case because it would create a redirect loop

https://subdomain.example.com -server-> http://subdomain.example.com -HTTPS Everywhere-> https://subdomain.example.com -server-> http://subdomain.example.com ...

In this case, https://nitendolife.com redirects to http://www.nitendolife.com (different subdomain). It's therefore a valid target for HTTPS Everywhere.

On a related note, https://www.nitendolife.com itself would be a valid target because it returns HTTP 200.

Bisaloo on 13 Feb 2019

👍3

@RemakingEden, redirects to HTTP means that:

https://subdomain.example.com -> http://subdomain.example.com

We can't add a rule in this case because it would create a redirect loop

https://subdomain.example.com -_server_-> http://subdomain.example.com -_HTTPS Everywhere_-> https://subdomain.example.com -_server_-> http://subdomain.example.com ...

In this case, https://nitendolife.com redirects to http://www.nitendolife.com (different subdomain). It's therefore a valid target for HTTPS Everywhere.

On a related note, https://www.nitendolife.com itself would be a valid target because it returns HTTP 200.