[tor-bugs] #8406 [EFF-HTTPS Everywhere]: Quantcast Ruleset Breaks Tumblr Login - needs Update/fixing
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Apr 26 00:35:19 UTC 2013
#8406: Quantcast Ruleset Breaks Tumblr Login - needs Update/fixing
-------------------------------------+--------------------------------------
Reporter: cypherpunks | Owner: pde
Type: defect | Status: reopened
Priority: normal | Milestone: HTTPS-E 3.1.5
Component: EFF-HTTPS Everywhere | Version:
Resolution: | Keywords: httpse-ruleset-bug
Parent: | Points:
Actualpoints: |
-------------------------------------+--------------------------------------
Changes (by pde):
* cc: dtauerbach, mikeperry, jmayer@… (added)
Comment:
This is very interesting. Seems like Quantserve might be doing secondary
auth here or something. Note the screen resolution that is being sentk to
Quantcast's pixel!
Anyway, the thing that stands out to me in the case where the ruleset is
enabled and the login is breaking is that pixel.quantcast.com is trying to
set a cookie three times, and it isn't being sent back to their server.
Now, the Quantcast ruleset ''does'' have a securecookie element which can
somtimes cause this kind of problem. But in this case all the requests to
Quantcast seem to be HTTPS, so I don't think that's it.
Perhaps the cypherpunks who reported this are running some other extension
that does cookie wrangling of some sort. In any case, I'm going to
disable the securecookie elements of this ruleset for 3.1.5.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8406#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list