search

Rob--W / https-by-default

Use HTTPS by default for navigations from the location bar in Chrome / Firefox.
MIT License
63 stars 12 forks source link

HTTPS for third-party domains #5

Open jgmoss opened 8 years ago

jgmoss commented 8 years ago

Does this add-on convert third-party domains to HTTPS as well? For instance, if I visit a site and calls are made to another domain, are those requests also HTTPS?

Rob--W commented 8 years ago

At the moment, the add-on only changes the default in the location bar. Nothing else is modified, but I've previously expressed interest in forcing everything to be https unless stated otherwise (that might break some websites though, so I haven't implemented it yet).

The good news is that http in https sites can be blocked. Active content such as scripts are blocked by default, images are enabled by default but you can also block them.

Go to about:config, search for mixed_content, and make sure that the following are set to true:

security.mixed_content.block_active_content
security.mixed_content.block_display_content

In Chrome, mixed content is

EC-O-DE commented 6 years ago

+1 for an ext that redirects to HTTPS if available - and to HTTP if not availabe - of any url.

fmarier commented 6 years ago

+1 for an ext that redirects to HTTPS if available - and to HTTP if not availabe - of any url.

Smart HTTPS (revived) might be what you are looking for.