Author: Seth Schoen <[email protected]> Date: Thu, 11 Nov 2010 12:23:52 -0800 Subject: thanks to Chris Soghoian for pointing out that HTTPS is available here now! Commit: 17c79ff60421ec03287111680d2cbbaf22d9546a
--- src/chrome/content/rules/Live.xml | 22 +++++++++++++++++++--- 1 files changed, 19 insertions(+), 3 deletions(-) diff --git a/src/chrome/content/rules/Live.xml b/src/chrome/content/rules/Live.xml index 138428d..2649560 100644 --- a/src/chrome/content/rules/Live.xml +++ b/src/chrome/content/rules/Live.xml @@ -1,6 +1,22 @@ <ruleset name="Live"> - <target host="login.live.com" /> - <target host="onecare.live.com" /> - + <target host="*" /> + <!-- target host is * because Live URLs can contain multiple unpredictable + components, like http://snXXXw.sntXXX.mail.live.com/default.aspx + In the current target host syntax, a wildcard can match only one + hostname element, not two, and only one wildcard per target host + is permitted. --> + + <!-- Microsoft itself protects the login this way but we can prevent + against SSL stripping. --> <rule from="^http://(login|onecare)\.live\.com/" to="https://$1.live.com/"/> + + <!-- Both of these appear to trigger two good things: (1) the user is + prompted to make HTTPS the default; (2) even if the user decides + not to, the remainder of that mail-reading session is automatically + HTTPS-only. --> + <rule from="^http://(www\.)hotmail\.com/" to="https://www.hotmail.com/"/> + <rule from="^http://([^@:/]+)\.([^@:/]+)\.mail.live.com/" to="https://$2.mail.live.com/"/> + <!-- example: + http://sn133w.snt133.mail.live.com/default.aspx?wa=wsignin1.0 >>> + https://snt133.mail.live.com/default.aspx?wa=wsignin1.0 --> </ruleset> -- 1.7.1
