EFForg / https-everywhere

A browser extension that encrypts your communications with many websites that offer HTTPS but still allow unencrypted connections.
https://eff.org/https-everywhere

ScienceDirect breaking with HTTPS Everywhere #9689

Closed pederbe closed 7 years ago

pederbe commented 7 years ago

www.sciencedirect.com is partially broken when using HTTPS Everywhere. I suppose the website uses several insecure connections, such as to els-cdn.com (the Elsevier CDN). When letting Chrome "Load unsafe script", the site works as expected.

It may be problematic to resolve this issue on the side of the website because it also makes calls to educational institutions' servers to check if users have access rights to certain articles. These calls, at least for some institutions, are insecure. Therefore, I suppose a different rule should be used in HTTPS Everywhere, right?

Example: https://www.sciencedirect.com/science/article/pii/S0004370215000843

Thanks for your help.

Bisaloo commented 7 years ago

Thank you for your report!

You are right, this website loads scripts from plain HTTP sources and our current rule was causing it to break. I fixed it in #9695, which should land in the next release.
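
The breakage discussed in this thread is mixed content: once the top-level page is forced to HTTPS, the browser blocks scripts it still requests over plain HTTP. The following is an added example, not part of the original thread and not HTTPS Everywhere code, that lists such subresources in a page's HTML before a rule is enabled. The function name, hostnames and sample HTML are constructed for illustration.

```javascript
// Added example: find subresources that become mixed content once the
// top-level page is served over HTTPS. All names and hosts are hypothetical.

// Plain-HTTP loads from these tags are active mixed content (blocked by browsers).
const ACTIVE = { script: 'src', iframe: 'src', link: 'href' };
// Plain-HTTP loads from these tags are passive mixed content (treated less strictly).
const PASSIVE = { img: 'src', audio: 'src', video: 'src' };

function findMixedContent(pageUrl, html) {
  const page = new URL(pageUrl);
  if (page.protocol !== 'https:') return []; // mixed content only exists on HTTPS pages
  const findings = [];
  const tagRe = /<(script|iframe|link|img|audio|video)\b([^>]*)>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const tag = m[1].toLowerCase();
    const attrs = m[2];
    const attrName = ACTIVE[tag] || PASSIVE[tag];
    // Require whitespace before the attribute so data-src is not mistaken for src.
    const attrRe = new RegExp('(?:^|\\s)' + attrName + '\\s*=\\s*["\']([^"\']+)["\']', 'i');
    const a = attrRe.exec(attrs);
    if (!a) continue;
    // <link> is only active content when it pulls in a stylesheet.
    if (tag === 'link' && !/\brel\s*=\s*["']?stylesheet/i.test(attrs)) continue;
    let target;
    try { target = new URL(a[1], page); } catch { continue; }
    // Relative and protocol-relative URLs inherit https: from the page.
    if (target.protocol !== 'http:') continue;
    findings.push({ tag, url: target.href, kind: ACTIVE[tag] ? 'active' : 'passive' });
  }
  return findings;
}

// Constructed sample page body.
const SAMPLE_HTML = `
<script src="http://cdn.example/app.js"></script>
<script src="https://cdn.example/vendor.js"></script>
<script src="//cdn.example/inherit.js"></script>
<link rel="stylesheet" href="http://cdn.example/site.css">
<link rel="icon" href="http://cdn.example/favicon.ico">
<img data-src="http://img.example/lazy.png" src="http://img.example/logo.png">
<iframe src="/local/frame.html"></iframe>`;

const sampleFindings = findMixedContent('https://www.example.org/article/1', SAMPLE_HTML);
for (const f of sampleFindings) console.log(f.kind, f.tag, f.url);
```

Any `active` finding means a blanket upgrade rule for the host will break the page unless the referenced host is also reachable over HTTPS and covered by a rule.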