RequestPolicyContinued / requestpolicy

a web browser extension that gives you control over cross-site requests. Available for XUL/XPCOM-based browsers.
https://github.com/RequestPolicyContinued/requestpolicy/wiki

Redirect to URLs that are forced to https by NoScript is going through http. #810

Closed ghost closed 8 years ago

ghost commented 8 years ago

I have domains that are always forced to https by NoScript, but RP redirects to them through http. Can this be resolved?

myrdd commented 8 years ago

@stepshal Please provide more information. Are you using the latest development version of RPC [1]? See also https://github.com/RequestPolicyContinued/requestpolicy/issues/775#issuecomment-227738159.

[1] https://addons.mozilla.org/en-US/firefox/addon/requestpolicy-continued/versions/beta

ghost commented 8 years ago

@myrdd When I am on some https site and try to open an http link that is forced to https by NoScript, RP asks for permission to redirect to this site through http, but I want https.

myrdd commented 8 years ago

> RP asks for permission to redirect to this site through http

Please show a screenshot of both the redirection notification and the request log, and provide the url of the website with this problem. Make sure you're using the latest development version of RPC.

ghost commented 8 years ago

@myrdd Found an example, even if the site is https by default now: https://twitter.com/LIRIK/status/777955697577201664 Click on the link to twitch.tv and it will ask to redirect through http.

myrdd commented 8 years ago

I see. This is what you are describing:

Steps to reproduce

  1. RP (development version) installed
  2. NoScript installed
  3. NoScript: Force twitch.tv to HTTPS (screenshot: NoScript HTTPS Options)
  4. Visit https://twitter.com/LIRIK/status/777955697577201664
  5. NoScript: Allow scripts
  6. Click on the link to https://t.co/qdThf0N9PK

What happens?

Clicking on the link opens that link in a new foreground tab. The request log shows a blocked request: https://twitter.com/... -> http://www.twitch.tv/lirik. See this screenshot:

[Screenshot after link click]

When "Allow" is clicked on RP's notification bar, the destination page (https) is opened. The request log shows a request to http://www.twitch.tv/lirik and then to https://www.twitch.tv/lirik. This means NS has redirected HTTP to HTTPS. See this screenshot:

[Screenshot after "Allow"]

Inspection

https://t.co/qdThf0N9PK gives the following response:

```html
<head><meta name="referrer" content="always"><noscript><META http-equiv="refresh" content="0;URL=http://www.twitch.tv/lirik"></noscript><title>http://www.twitch.tv/lirik</title></head><script>window.opener = null; location.replace("http:\/\/www.twitch.tv\/lirik")</script>
```

Without RP and NS installed, this will directly redirect to http://www.twitch.tv/lirik. However, RP recognizes the META redirection and blocks it. So the redirection notification bar appears. As the request log shows, RP doesn't know anything about the https enforcement yet. Later, when the request to the http url is allowed, the redirection (by NoScript) to https is allowed as well.

Once again, note that you need the development version of RP, because some important changes are not merged into the official release yet.

Conclusion

RP cannot know that any other addon—NoScript in this case—will enforce https. Therefore RP shows the "http" url, which is correct. I'm closing this bug as invalid, because there is no misbehavior in RP.

@stepshal Next time, be clear and detailed. I won't always take the time to guess what you could have thought.
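
Added example (not RequestPolicy or NoScript code): a simplified JavaScript model of the sequence described under "Inspection" above. It extracts the META refresh target from the t.co response quoted in the thread, shows that the request evaluated at decision time carries the http scheme, and applies an HTTPS force list only afterwards. The function names, the regex-based tag scan and the `forcedHosts` list are assumptions made for illustration.

```javascript
// Added illustration; not RequestPolicy or NoScript source code.
// Response body quoted in the thread above, embedded so this runs offline.
const SAMPLE_BODY = String.raw`<head><meta name="referrer" content="always"><noscript><META http-equiv="refresh" content="0;URL=http://www.twitch.tv/lirik"></noscript><title>http://www.twitch.tv/lirik</title></head><script>window.opener = null; location.replace("http:\/\/www.twitch.tv\/lirik")</script>`;

// Collect attribute name/value pairs from one tag (simplified scanner;
// a browser extension would read the parsed DOM instead).
function attrs(tag) {
  const out = {};
  const re = /([a-zA-Z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/g;
  let m;
  while ((m = re.exec(tag)) !== null) {
    out[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4];
  }
  return out;
}

// Return the absolute URL of every META refresh target in the body.
function metaRefreshTargets(body, baseUrl) {
  const targets = [];
  for (const [tag] of body.matchAll(/<meta\b[^>]*>/gi)) {
    const a = attrs(tag);
    if ((a["http-equiv"] || "").toLowerCase() !== "refresh") continue;
    // content looks like "<seconds>;URL=<target>"
    const m = /^\s*\d+\s*[;,]\s*(?:url\s*=\s*)?["']?([^"']+?)["']?\s*$/i.exec(a.content || "");
    if (m) targets.push(new URL(m[1], baseUrl).href);
  }
  return targets;
}

// What a request-blocking extension can evaluate at decision time:
// only the origin and the destination exactly as the page wrote it.
function describeRedirect(originUrl, destUrl) {
  const o = new URL(originUrl), d = new URL(destUrl);
  return {
    shown: `${o.origin} -> ${d.href}`,
    crossSite: o.hostname !== d.hostname,
    downgrade: o.protocol === "https:" && d.protocol === "http:",
  };
}

// Hypothetical model of a separate HTTPS-forcing extension that rewrites
// the request only after it has been allowed.
function forceHttps(url, forcedHosts) {
  const u = new URL(url);
  const forced = forcedHosts.some(h => u.hostname === h || u.hostname.endsWith("." + h));
  if (u.protocol === "http:" && forced) u.protocol = "https:";
  return u.href;
}
```

Because the scheme rewrite happens in a later step owned by a different extension, the prompt built from `describeRedirect` can only ever show the http URL.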