Skip to content
This repository was archived by the owner on Nov 6, 2023. It is now read-only.

Added dragonsmoke.cloud rule#8800

Closed
TheOpenSourceNinja wants to merge 1 commit intoEFForg:masterfrom
TheOpenSourceNinja:master
Closed

Added dragonsmoke.cloud rule#8800
TheOpenSourceNinja wants to merge 1 commit intoEFForg:masterfrom
TheOpenSourceNinja:master

Conversation

@TheOpenSourceNinja
Copy link
Copy Markdown

@TheOpenSourceNinja TheOpenSourceNinja commented Feb 25, 2017

I've recently set up the web site dragonsmoke.cloud with HTTPS, so I thought I'd submit a rule for HTTPS Everywhere.

J0WI
J0WI reviewed Mar 16, 2017
View reviewed changes
src/chrome/content/rules/Dragonsmoke.cloud.xml
<target host="dragonsmoke.cloud" />
<target host="www.dragonsmoke.cloud" />

<rule from="^http://(www\.)?dragonsmoke\.cloud/" to="https://www.dragonsmoke.cloud/" />
Copy link
Copy Markdown
Contributor

@J0WI J0WI Mar 16, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why are you forcing to redirect to the www subdomain? HTTP is working on both and the redirect works on the servers side.

Copy link
Copy Markdown
Author

@TheOpenSourceNinja TheOpenSourceNinja Mar 16, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The server redirects you to www no matter what, so there's no reason we should redirect to the non-www version. Might as well just skip straight to www.

Copy link
Copy Markdown
Contributor

@J0WI J0WI Mar 16, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See our upcoming guideline:
https://github.com/EFForg/https-everywhere/blob/3b8017cdd8f36337b817e07b67944a4f0340e376/CONTRIBUTING.md#snapping-redirects

@J0WI
Copy link
Copy Markdown
Contributor

J0WI commented Mar 16, 2017

You should have a look on https://hstspreload.org/ which makes a rule in HTTPS Everywhere obsolete.

@TheOpenSourceNinja
Copy link
Copy Markdown
Author

TheOpenSourceNinja commented Mar 16, 2017

Already submitted to hstspreload.org :)
I don't think it entirely obsoletes HTTPS Everywhere rules though. HTTPS Everywhere can run on current & outdated browser versions, whereas the HSTS preload list with my site added will presumably only be pushed to future browser versions.
Since I set up dragonsmoke.cloud primarily as an exercise in making my web server as secure as possible, I'm trying to eliminate (as far as possible) the "insecure first connection" problem by adding to both HTTPS Everywhere and hstspreload.org.

@jeremyn
Copy link
Copy Markdown
Contributor

jeremyn commented Dec 5, 2017

@TheOpenSourceNinja Are you still interested in working on this?

@jeremyn
Copy link
Copy Markdown
Contributor

jeremyn commented Dec 20, 2017

I'm closing this pull request due to lack of response from @TheOpenSourceNinja . Also, both https://dragonsmoke.cloud and https://www.dragonsmoke.cloud fail HTTPS, so there is no ruleset to make here anyway.

@jeremyn jeremyn closed this Dec 20, 2017
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

1 more reviewer

@J0WI J0WI J0WI left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

new-ruleset

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@TheOpenSourceNinja @J0WI @jeremyn