getbootstrap.com

[galeksandrp]

Fix https://trac.torproject.org/projects/tor/ticket/19396

[J0WI]

Please also leave a comment in the rule about the issue there.

[galeksandrp]

Added.

[fuglede]

The site appears to work fine for me, and in particular I did not notice any redirect loops. Are there any specific steps to reproduce?

[jeremyn]

@fuglede The torproject bug labels it specifically for Chrome. I can't reproduce it on Firefox, and I can't test it on Chrome because of the #5874 .

[jeremyn]

Now that there's a fix/workaround for #5874 , I can confirm that https://themes.getbootstrap.com/products/dashboard loops in Chrome but not Firefox.

[jeremyn]

• Update the securecookie here to remove themes\.|. Otherwise what can happen is that a secure cookie is set at, for example, https://themes.getbootstrap.com but then can't be read at http://themes.getbootstrap.com/products/dashboard .

[galeksandrp]

Updated.

[J0WI]

I wonder why this works in Firefox, because of the

  <!-- sad hack because github pages doesn't support https -->
  <script>
     if (window.location.protocol == "https:") window.location.protocol = "http:"
  </script>

Console shows

NS_ERROR_UNEXPECTED:   dashboard:6
    <anonymous> https://themes.getbootstrap.com/products/dashboard:6:48

[jeremyn]

@J0WI I didn't dig into too much but it looks like this is a thing with Firefox, see here and here for example.

[fuglede]

I contacted the webmasters regarding the issue.

[fuglede]

And here's their response:

We appreciate you letting us know – it's an unfortunate necessity. Basically the way Shopify works it required us to force just the product pages to be insecure to iFrame our content in without issue
in some situations. It wasn't our favorite either, but was the only surefire way to solve the issue without basically getting Shopify to accept a feature request. That said, every other page is
secure, so we figured we could deal with the inconvenience.