Skip to content

GitLab

Trac
Trac

GitLab is used only for code review, issue tracking and project management. Canonical locations for source code are still https://gitweb.torproject.org/ https://git.torproject.org/ and git-rw.torproject.org.

Closed (moved)
Opened by Peter Eckersley@pde

Infinite loops in Facebook settings pages

Facebook HTTPS support is broken in strange ways for users who haven't enabled the optional Facebook HTTPS setting.

For such users, pages like this one:

https://www.facebook.com/editaccount.php?networks

Redirect back to http. In the past, that was merely a security flaw, but recently the redirect changed from an HTTP redirect to a fast JavaScript redirect, which means that our loop detection code does not spot it. The redirection script is here: http://pastebin.com/SiWYzMug (note the hard-coded "http").

This is really Facebook's bug, but we should also consider what we can do about cases like this.

To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information