[tor-bugs] #11599 [HTTPS Everywhere: Chrome]: Ning.com rule causes missing images in hosted websites

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Apr 24 23:32:13 UTC 2014


#11599: Ning.com rule causes missing images in hosted websites
-------------------------------------+-------------------------------------
 Reporter:  cypherpunks              |          Owner:  pde
     Type:  defect                   |         Status:  new
 Priority:  normal                   |      Milestone:  HTTPS-E 3.5
Component:  HTTPS Everywhere:        |        Version:  HTTPS-E chrome
  Chrome                             |  2013.10.16
 Keywords:  httpse-ruleset-bug       |  Actual Points:
Parent ID:                           |         Points:
-------------------------------------+-------------------------------------
 The HTTPS Everywhere rule for ning.com (partial) causes images to be
 missing from ning-hosted websites, e.g. DiyDrones.com .

 Note: The actual version is HTTPS-E chrome 2014.4.16 .

 Defect is due to an invalid certificate on Ning's CDN.

 This is the communication I had with Ning:

 Apr 22 12:46 PM
 The SSL certificate for https://origin-api.ning.com is invalid. It does
 not match the URL, it is expired, and it does not have a valid CA.
 The certificate for https://www.ning.com is valid and would also work for
 origin-api.ning.com. You should install it to all your servers.

 Aaron (Ning Help Center)
 Apr 23 05:20 PM
 Hi there,
 Thanks for your question! We don't support SSL on that URL. That serves up
 our images via our CDN, which is also not currently set up for SSL.
 Best,
 Aaron

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/11599>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list