packages feed

https-everywhere-rules-raw-4.0: vendor/https-everywhere/src/chrome/content/rules/Live.xml

<!--
	For other Microsoft coverage, see Microsoft.xml.


	Nonfunctional domains:

		- explore.live.com		(404; mismatched, CN: *.windows.microsoft.com)
		- idsignup.live.com		(no https)
		- security.live.com		(no https)
		- messenger.services.live.com
		- startup.live.com
		- msrvideo.vo.msecnd.net	(400)
		- www.wlmessenger.net


	Problematic domains:

		- www.hotmail.co.jp *
		- www.hotmail.co.uk *
		- live.com		(no https)
		- sc[34].maps.live.com

	* Mismatched


	Fully covered domains:

		- dub*.afx.ms:

			- dub002
			- dub10[1-9]
			- dub11\d
			- dub12[0-4]

		- a.gfx.ms
		- auth.gfx.ms
		- (www.)hotmail.co.jp	(www → ^)
		- (www.)hotmail.co.uk	(www → ^)
		- hotmail.com
		- www.hotmail.com
		- gfx[5-8].hotmail.com

		- live.com subdomains:

			- (www.)	(^ → www)
			- account
			- c
			- c-mid
			- calendar
			- consent
			- contacts
			- devices
			- directory
			- \w+.directory:

				- people

			- domains
			- login.domains
			- favorites
			- g
			- groups
			- h
			- client.hip
			- dc[12].client.hip
			- hipservice
			- home
			- hotmail
			- sc.imp
			- login
			- \w+.login
			- mail

			- *.mail:

				- snt\d+
				- m
				- www

			- *.*.mail

			- maps subdomains:

				- mc1
				- sc[12]
				- sc[34]		(→ sc1.maps)

			- messenger

			- \w+.gateway.messenger:

				- baymsg\d+

			- mid
			- oauth
			- office
			- onecare
			- people
			- photos
			- profile

			- \w+.profile:

				- cid-\w+

			- rad

			- secure.\w+

				- secure.shared

			- directory.services
			- livecontacts.services
			- geo.messenger.services
			- signout
			- signup
			- skydrive
			- skygfx
			- status
			- storage

			- \w+.storage:

				- blufiles
				- byfiles
				- dm1files

			- \w+.users.storage:

				- cid-\w+

			- max.sup

		- live.net subdomains:

			- apis
			- df-feeds
			- feeds
			- js
			- l

		- \w+.bay.livefilestore.com:

			- c

		- \w+.vo.msecnd.net:

			- az83882.vo.msecnd.net		(on windowsazure.com
                        - az94986.vo.msecnd.net		(on so.cl)
                        - officeimg.vo.msecnd.net
			- s1-word-view-15.vo.msecnd.net

		- accountservices.passport.net
		- www.passportimages.com

		- p.sfx.ms

		- so.cl
		- www.so.cl

		- \w+.wlxrs.com:

			- js2
			- secure
			- skydrive


	Wildcard cookies:

		- *.account.live.com

-->
<ruleset name="Hotmail / Live">

	<target host="*.afx.ms" />
	<target host="*.gfx.ms" />
	<target host="hotmail.co.*" />
	<target host="www.hotmail.co.*" />
	<!--
		Target host is * because Live URLs can contain multiple unpredictable
		components, like http://snXXXw.sntXXX.mail.live.com/default.aspx
		In the current target host syntax, a wildcard can match only one
		hostname element, not two, and only one wildcard per target host
		is permitted.
				-->
	<target host="hotmail.com" />
	<target host="*.hotmail.com" />
	<target host="live.com" />
	<target host="*.live.com" />
	<target host="*.live.net" />
	<target host="*.bay.livefilestore.com" />
	<target host="*.vo.msecnd.net" />
		<!--
			400:

				https://trac.torproject.org/projects/tor/ticket/9026
					-->
		<exclusion pattern="^http://(?:az307127|az31465|az354189|az373151|az412849|msnchansea|msrvideo)\.vo\.msecnd\.net/" />
	<target host="www.passportimages.com" />
	<target host="p.sfx.ms" />
	<target host="so.cl" />
	<target host="www.so.cl" />
	<target host="*.wlxrs.com" />


	<!--	NB: Are cross-domain cookies needed on unsecurable pages?

	<securecookie host="^\.live\.com$" name=".+" /-->
	<securecookie host="^\.?(?:account|consent|(?:login\.)?domains|login|mail|messenger|profile|signup)\.live\.com$" name=".+" />
	<securecookie host="^people\.directory\.live\.com$" name=".+" />
	<securecookie host="^l\.live\.net$" name=".+" />


	<rule from="^http://dub(\d+)\.afx\.ms/"
		to="https://dub$1.afx.ms/" />

	<rule from="^http://a(uth)?\.gfx\.ms/"
		to="https://a$1.gfx.ms/" />

	<rule from="^https?://live\.com/"
		to="https://www.live.com/" />

	<!--	Microsoft itself protects the login this way but we can prevent
		against SSL stripping.
					-->
	<rule from="^http://(account|calendar|c|c-mid|consent|contacts|devices|(?:[\w-]+\.)?(?:directory|login|profile)|(?:login\.)?domains|favorites|g|groups|h|(?:dc\d\.)?client\.hip|hipservice|home|hotmail|sc\.imp|mail|(?:mc1|sc[12])\.maps|(?:\w+\.gateway\.)?messenger|mid|oauth|office|onecare|people|photos|rad|secure\.\w+|(?:directory|livecontacts|geo\.messenger)\.services|signout|signup|skydrive|skygfx|status|(?:[\w-]+(?:\.users)?\.)?storage|max\.sup|www)\.live\.com/"
		to="https://$1.live.com/" />

	<rule from="^https?://sc[34]\.maps\.live\.com/"
		to="https://sc1.maps.live.com/" />

	<rule from="^http://accountservices\.passport\.net/"
		to="https://accountservices.passport.net/" />

	<rule from="^https?://(?:www\.)?hotmail\.co\.(jp|uk)/"
		to="https://hotmail.co.$1/" />

	<!--	Both of these appear to trigger two good things: (1) the user is
		prompted to make HTTPS the default; (2) even if the user decides
		not to, the remainder of that mail-reading session is automatically
		HTTPS-only.
					-->
	<rule from="^http://(www\.)?hotmail\.com/"
		to="https://$1hotmail.com/" />

	<rule from="^http://gfx(\d)\.hotmail\.com/"
		to="https://gfx$1.hotmail.com/" />

	<!--	Example:
			http://sn133w.snt133.mail.live.com/default.aspx?wa=wsignin1.0 >>>
			https://snt133.mail.live.com/default.aspx?wa=wsignin1.0
							-->
	<rule from="^http://[^@:/\.]+\.([^@:/\.]+)\.mail\.live\.com/"
		to="https://$1.mail.live.com/" />

	<rule from="^http://(apis|df-feeds|feeds|js|l)\.live\.net/"
		to="https://$1.live.net/" />

	<rule from="^http://(\w+)\.bay\.livefilestore\.com/"
		to="https://$1.bay.livefilestore.com/" />

	<rule from="^http://(\w+)\.vo\.msecnd\.net/"
		to="https://$1.vo.msecnd.net/" />

	<rule from="^http://www\.passportimages\.com/"
		to="https://www.passportimages.com/" />

	<rule from="^http://p\.sfx\.ms/"
		to="https://p.sfx.ms/" />

	<rule from="^http://(www\.)?so\.cl/"
		to="https://$1so.cl/" />

	<rule from="^http://(\w+)\.wlxrs\.com/"
		to="https://$1.wlxrs.com/" />

</ruleset>