HTTPS Everywhere causes interstitial warning pages on Google Images

[cypherpunk]

Example: http://www.google.co.uk/imgres?imgurl=http://images.amcnetworks.com/amctv.com/wp-content/uploads/2014/04/BB-explore-S3-980x551-clean.jpg&imgrefurl=http://www.amctv.com/shows/breaking-bad&h=551&w=980&tbnid=QJwSrnT2QDNn9M:&zoom=1&docid=UJULL-Cu8ghIHM&ei=3X3kVJWXBYqqywOBmoLYCg&tbm=isch&ved=0CEMQMygNMA0

If you click on an image on a Google Images search results page and then click on "View image" you will be redirected to a interstitial warning page - like https://www.google.com/url?sa=i&source=images&cd=&ved=0CAUQjBw&url=http%3A%2F%2Fimages.amcnetworks.com%2Famctv.com%2Fwp-content%2Fuploads%2F2014%2F04%2FBB-explore-S3-980x551-clean.jpg&ei=DoHkVMjeF4LQygOBuIGoCw&psig=AFQjCNFLGMIcSPAfaayPqVgSYTh1I_cfyA&ust=1424347790437361 - saying that the page is trying to redirect the user to http://images.amcnetworks.com/amctv.com/wp-content/uploads/2014/04/BB-explore-S3-980x551-clean.jpg
Is there any way to fix this?

[jsha]

It looks like this is caused by Google's redirect page being rewritten to www.google.com instead of www.google.co.uk which it should be. I'm guessing the psig parameter is a signature over the URL that includes the hostname (but potentially not the scheme), and that signature fails after rewrite, prompting the interstitial.

[cypherpunk]

It seems like this happens on all Google sites except for google.com. Is there any other way to fix this than to disable https on Google Images?

[jsha]

Yes, I think we can fix it at the ruleset level for the next release. Unfortunately in the meantime I think the only way to fix it is to disable that ruleset in your browser.

[fuzzyroddis]

@cypherpunk what version of HTTPS Everywhere are you using?

[fuzzyroddis]

Bad Google, Bad!

https://www.google.co.uk/imgres?imgurl=http://images.amcnetworks.com/amctv.com/wp-content/uploads/2014/04/BB-explore-S3-980x551-clean.jpg&imgrefurl=http://www.amctv.com/shows/breaking-bad&h=551&w=980&tbnid=QJwSrnT2QDNn9M:&zoom=1&docid=UJULL-Cu8ghIHM&ei=3X3kVJWXBYqqywOBmoLYCg&tbm=isch&ved=0CEMQMygNMA0

HTTP/1.1 301 Moved Permanently
Location: http://www.google.co.uk/imgres?imgurl=http://images.amcnetworks.com/amctv.com/wp-content/uploads/2014/04/BB-explore-S3-980x551-clean.jpg&imgrefurl=http://www.amctv.com/shows/breaking-bad&h=551&w=980&tbnid=QJwSrnT2QDNn9M:&zoom=1&docid=UJULL-Cu8ghIHM&ei=3X3kVJWXBYqqywOBmoLYCg&tbm=isch&ved=0CEMQMygNMA0

I'll look into this, I'd like to keep encrypted image searches.
I have a feeling redirecting /imgres to google.com/imgres might work.

[cypherpunk]

@StevenRoddis I'm using HTTPS Everywhere 4.0.3.

[fuzzyroddis]

My branch still doesn't fix this. I plan to address this in the future.
I'm curious how one lands on /imgres I haven't worked that out. Do you use NoScript?

[IBBoard]

I hit this interstitial as well. I'm not using NoScript, but I am using Ghostery and AdBlock Plus. You can end up on the /imgres page if you middle-click to open in a new tab (so it doesn't load the dark grey page as inline content). Whether I middle-click or left-click then the "View Image" button drops me to the confirmation interstitial next.
If I edit the URL of the interstitial from ".com" to ".co.uk" (which is what the search was initiated from) then I do get the image straight away.

[cypherpunk]

Maybe we could ask Google to fix this since the problem is on their end?

[cypherpunk]

These interstitial warning pages are still appearing.

[IBBoard]

I'm not getting interstitials any more, but I've just realised that I'm getting the HTTPS → HTTP redirect behaviour that @fuzzyroddis mentioned. I don't know when that changed for me.

I'm running 5.1.1.

[semenko]

Tentatively closing, since I haven't seen this in a while -- likely fixed on Google's end.

Please reopen / comment if you see it again.

[IBBoard]

Confirmed that I'm not seeing it now, and the dark grey "View Image"/"Visit Page" page is on HTTPS and doesn't get forced to HTTP.