Https-everywhere: Known issue: Release 2020.3.16 breaks whitelisting of some URLS and "open insecure page" button for them.

Created on 17 Mar 2020  路  10Comments  路  Source: EFForg/https-everywhere

Type: code issue

Update to Release 2020.3.16 with new feature that allows manually whitelisting hosts seems to break whitelisting for few URLs that I'm using.

For example, if I have EASE enabled when I visit URL like http://abcd.local:4000 (which points to something along the lines of 127.x.y.z in my hosts file), I see the HTTPS Everywhere noticed you were navigating to a non-HTTPS page, even though I had whitelisted it in previous versions by pressing "open insecure page". Looking at the list of hosts I see an entry for abcd.local:4000 in there but it doesn't seem to be doing anything. Deleting it doesn't change anything, re-adding it also seems to have no effect.

Neither pressing "open insecure page" nor pressing "open insecure page for this session only" nor manually whitelisting it seems to work, so it seems that the only currently available workaround is to disable EASE.

bug
Source
picture ivan-kolmychek
👍2

Most helpful comment

Thank you for reacting fast, fixing the issue and providing a workaround.

@ivan-kolmychek Thank you for reporting concisely. The shelter-in-place order was rolled out while this release was being made. I really appreciate the understanding.

picture zoracon on 23 Mar 2020
👍2

All 10 comments

Forgot to mention that it all is happening in Chromium 80.0.3987.132.

ivan-kolmychek picture ivan-kolmychek on 17 Mar 2020

18760 introduced a regression for the whitelisting features, I have just filed a fix #19032.

cschanaj picture cschanaj on 17 Mar 2020
👍2

And there appears to be no plans to do a release for a couple weeks:
https://github.com/EFForg/https-everywhere/pull/19032#issuecomment-600146695

jmgurney picture jmgurney on 18 Mar 2020

@jmgurney You may thank COVID-19 for that.

pipboy96 picture pipboy96 on 18 Mar 2020

Thanks to @zoracon for providing a work around for this issue:
https://github.com/EFForg/https-everywhere/pull/19032#issuecomment-600841064

Installing the previous 2019.11.7 fixes this issue for me. I do not know if auto updates will work in the future, or if this work around will have to regularly reapplied due to auto updates.

jmgurney picture jmgurney on 18 Mar 2020
👍1

Another option is to turn off EASE (Encrypt All Sites Eligible), but if you have that turned on, likely you do for a very valid reason, and disabling that is likely worse than downgrading.

https://github.com/EFForg/https-everywhere/pull/19032#issuecomment-600885540

P.S. @zoracon I'd recommend leaving this issue open until a release is pushed so that people can find these solutions instead of creating new issues. It was very easy to find when it was open since it was recent and near the top, but now that it's closed, it will be harder for people to find the solutions.

jmgurney picture jmgurney on 19 Mar 2020
👍1

Thank you for reacting fast, fixing the issue and providing a workaround.

Given the circumstances I think its totally understandable that release cannot be cut right now.

ivan-kolmychek picture ivan-kolmychek on 23 Mar 2020
👍2

Thank you for reacting fast, fixing the issue and providing a workaround.

@ivan-kolmychek Thank you for reporting concisely. The shelter-in-place order was rolled out while this release was being made. I really appreciate the understanding.

zoracon picture zoracon on 23 Mar 2020
👍2

Due to the fact this discussion is not realistically able to make the shelter-in-place order go away, I am locking this issue. @zoracon please reverse if appropriate.

pipboy96 picture pipboy96 on 23 Mar 2020

Resolved with https://github.com/EFForg/https-everywhere/pull/19288

zoracon picture zoracon on 22 May 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

a0193143 picture a0193143  路  4Comments
jsha picture jsha  路  3Comments
the8472 picture the8472  路  4Comments
J0WI picture J0WI  路  3Comments
diracdeltas picture diracdeltas  路  3Comments