I have now tested this ruleset: <ruleset name="ICA Banken"> <target host="www.icabanken.se"/> <target host="icabanken.se"/> <rule from="^http://(www\.)?icabanken\.se/" to="https://www.icabanken.se/"; /> <securecookie host="^(.*\.)?icabanken\.se$" name=".*" /> </ruleset>
… with Firefox 26 and HTTPS Everywhere 4.0development.14. The rule works, but I don’t know how to check if the securecookie-rule is correct and works as intended. Thank you Brian for your guidance and your patience. Thanks and regards, Joakim 2014/1/14 Drake, Brian <[email protected]> > Yes, both <target> elements are required. As I understand it, they tell > the software which rulesets to process. Therefore, if you are missing the > one without “www”, then when you have a request to http://icabanken.se/, > the software won’t process this ruleset at all. > > I had a quick look at the site and its cookies and there seems to be no > indication of any other subdomains. > > So it would probably be a good idea to install the ruleset with the > <securecookie> tag and test it, if you haven’t done that already. > > -- > Brian Drake > > All content created by me: > Copyright<http://www.wipo.int/treaties/en/ip/berne/trtdocs_wo001.html>© 2014 > Brian Drake. All rights reserved. > > On Tue, Jan 14, 2014 at 1627 (UTC), Joakim Walldén < > [email protected]> wrote: > >> Thanks. >> >> So <target host="icabanken.se"/>, without “www”, must be included, >> although only www.icabanken.se is available. >> >> <ruleset name="ICABANKEN.se"> >> <target host="www.icabanken.se"/> >> <target host="icabanken.se"/> >> <rule from="^http://icabanken\.se/"; to="https://www.icabanken.se/"/> >> <rule from="^http://www\.icabanken\.se/"; to="https://www.icabanken.se/ >> "/> >> </ruleset> >> >> Or, with the suggested combined rule: >> >> <ruleset name="ICABANKEN.se"> >> <target host="www.icabanken.se"/> >> <target host="icabanken.se"/> >> <rule from="^http://(www\.)?icabanken\.se/" to=" >> https://www.icabanken.se/"; /> >> </ruleset> >> >> Secure cookie, maybe >> >> <securecookie host="^(.*\.)?icabanken\.se$" name=".*" /> >> >> As far as I have seen, the entire site is available over HTTPS. Most >> links on the page lead to HTTP, unless the user is logged in. However, I >> have the domain added to Chrome’s HSTS-list, and that works well. I am not >> aware of any subdomains, only www.icabanken.se. >> >> Thanks and regards, >> Joakim >> >> >> 2014/1/13 (UTC) Drake, Brian <[email protected]> >> >> It looks good, except that you are missing <target host="icabanken.se" >>> />. >>> >>> Again, you could combine the rules: >>> >>> <rule from="^http://(www\.)?icabanken\.se/" to=" >>> https://www.icabanken.se/"; /> >>> >>> This does the same thing as the separate rules, but in one rule. >>> >>> If the entire site is available over HTTPS, you should secure the >>> cookies (but I don’t have much experience myself in that area). >>> >>> <securecookie host="^(.*\.)?icabanken\.se$" name=".*" /> >>> >>> Remember to consider any other subdomains of icabanken.se when you do >>> that. >>> >>> -- >>> Brian Drake >>> >>> All content created by me: >>> Copyright<http://www.wipo.int/treaties/en/ip/berne/trtdocs_wo001.html>© >>> 2014 Brian Drake. All rights reserved. >>> >>> On Mon, Jan 13, 2014 at 1417 (UTC), Joakim Walldén < >>> [email protected]> wrote: >>> >>>> Hi, >>>> >>>> I suggest adding a ruleset for icabanken.se. >>>> >>>> <ruleset name="ICABANKEN.se"> >>>> <target host="www.icabanken.se"/> >>>> <rule from="^http://icabanken\.se/"; to="https://www.icabanken.se/"/> >>>> <rule from="^http://www\.icabanken\.se/"; to="https://www.icabanken.se/ >>>> "/> >>>> </ruleset> >>>> >>>> I hope it is correctly created. >>>> >>>> Thanks and regards, >>>> Joakim >>>> >>>
