Open elvey opened 4 years ago
Firefox: https://bugzilla.mozilla.org/show_bug.cgi?id=1628831
Chrome: https://blog.chromium.org/2021/03/a-safer-default-for-navigation-https.html
Other browser: I don't know.
EDIT: Added link to Chrome's announcement about turning on https by default in Chrome 90.
Some old links from Security SE question:
Firefox 83 now has an option to force HTTPS-only mode: https://blog.mozilla.org/security/2020/11/17/firefox-83-introduces-https-only-mode/
It takes it even further than this extension as it includes subresources as well.
Allegedly the feature was released in Chrome 90, but it's off by default in the build: https://bugs.chromium.org/p/chromium/issues/detail?id=1200048#c10
To enable it, visit chrome://flags
and set #omnibox-default-typed-navigations-to-https
to Enabled.
Note that the scheme is hidden by default. The Chromium patch in this repo shows the scheme, but an alternative to that is to load the extension at https://gist.github.com/Rob--W/cd9839f5157019912e68e8e4e3e15eb0 or set the referenced flags at chrome://flags
.
From the main page:
This extension has been working perfectly for me, and I very often enter domains into my browser (Firefox).
So I thought it would be useful to have a tracking bug to organize constructive efforts to achieve the ultimate goal. (Please, if you're commenting, keep far away as possible from whiny stuff -anything that's not clearly constructive, including comments on my parentheticals.) On topic would be, first of all, status with each major browser, status re. proving it's time for https by default. Links to relevant issues in their bug tracking systems & mailing list discussions too. (But not prematurely - let's not facilitate whining- ditto in those systems.) Hoping to see a comment from the team with some info soon.
[edit: Firefox(Mozilla): progressing well. There is active work being done (code changes ; bugs this depends on being opened and closed) on by a 'Julian' on bug 1613063 and connected to a bug opened by Rob--W.]