Warning for HTTPS enforced page redirecting to http

[GoogleCodeExporter]

The code is there, but I commented it out temporarily - need a smarter way to 
handle it for a future release (determine click redirect from within document 
vs typing/hitting enter for a new url? Not sure if we can separate these 
programmatically, but it would make the alerts less common and more 
meaningful). 

Original issue reported on code.google.com by jacobsK...@gmail.com on 17 Feb 2011 at 11:14

[GoogleCodeExporter]

I think that this may be the the same as my post "Need Ability To White List.."

While White listing may be self defeating it would at least allow the user the 
option to fully utilize the website that has a HTTPS URL and a unencrypted 
connection.

As it stands now if a website has a top domain HTTPS URL and an unencrypted 
connection within the website you can fully utilize the website if you are 
using HTTPS Finder because as it is designed to do HTTPS Finder will force a 
connection to a top level Domain with a HTTPS URL if it finds one.  So once 
there if all the connection on the entire website are not encrypted you can not 
use both HTTPS Finder and all the features of the website.

This is a great limitation on wanting to use HTTPS Finder.  No one wants to be 
forced to secure top level domain and then not to be able to fully utilize all 
the webpages and features within that website.

Having been a Systems Analyst, Designer and Implementer for over 30 years 
before retiring I would consider this problem a major bug in the software.

As much as I love the concept of this software unless this problem is resolved 
the headache of using this addon is not worth the gain.

Using HTTPS Everywhere along with Google searches can find me HTTPS top 
domains.  Firefox will still give me the warning when I am about to go over an 
unencrypted connection within a Secure domain and then I can make the choice to 
proceed or not.  However if I proceed to use the unencrypted connection of my 
own choice then I will be able to to.  Whereas with HTTPS Finder in its current 
design I cannot because it will force be back to the HTTPS URL.

So it comes down to deciding which is more trouble.

Using HTTPS Everywhere and Google to find me and get me to HTTPS domains or be 
forced there with HTTPS Finder and then having less than a 100% use of the 
website do to this problem?

cheers.

Not edited.

Original comment by CA.Liber...@gmail.com on 20 Mar 2011 at 4:50

[GoogleCodeExporter]

I agree completely, however the bug you're mentioning is only present if the 
"auto-forward" is turned on.  Otherwise it will alert you that HTTPS is there, 
but it won't forward without your explicit permission.  

The next version of HTTPS Finder has url parsing that should work for creating 
HTTPS Everywhere rules for any top level domain (It's already done actually), 
so really people should be using it to make rules that HTTPS Everywhere will 
enforce.  After that I'll continue to work on the whitelist and better HTTPS 
enforcement during a session, but the original intent of this extension was to 
augment HTTPS Everywhere.

This is only the second experimental release of HTTPS Finder also, so I'm still 
implementing a lot of these abilities.

Thanks for the post!

Original comment by jacobsK...@gmail.com on 20 Mar 2011 at 5:04

[GoogleCodeExporter]

Original comment by jacobsK...@gmail.com on 13 Apr 2011 at 4:32

• Changed state: WontFix