In trivial-validate.py we get a lot of warnings about rules that
redirect to HTTP. This seems like a normal thing, since some parts
of sites may not support HTTPS. But there's an alternate mechanism,
exclusions. Can anyone fill me in on why both mechanisms exist?
Would it be correct to reformulate all downgrade rules as exclusions
instead? Two examples below.
Fourmilab:
https://gitweb.torproject.org/https-everywhere.git/blob/HEAD:/src/chrome/content/rules/Fourmilab.xml#l32
<!-- Without the following downgrade rule, images requested via the
URL
starting with http://www.fourmilab.com.ch/cgi-bin/uncgi/Earth?
or
http://www.fourmilab.com.ch/cgi-bin/Earth? may not load
completely.
(February 26, 2013.)
-->
<rule from="^https://(?:www\.)?fourmilab\.ch/cgi-bin/(?:uncgi/)?Earth\?"
to="http://www.fourmilab.ch/cgi-bin/Earth?"; downgrade="1" />
Zipcar:
https://gitweb.torproject.org/https-everywhere.git/blob/HEAD:/src/chrome/content/rules/Zipcar.xml
<target host="*.zipcar.com" />
<exclusion pattern="http://members\.zipcar\.com/(?!apply|regist)"
/>
_______________________________________________
HTTPS-Everywhere mailing list
[email protected]
https://lists.eff.org/mailman/listinfo/https-everywhere
