search

YF-GoogleCodeBackups / https-finder

Automatically exported from code.google.com/p/https-finder
0 stars 0 forks source link

Add "Delay Page Load" Option #45

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago 
As mentioned, there is the chance that during the load of the unencrypted 
version of the website, someone might grab cookies.
Could an option be added to block the page load until HTTPS support is known?

Original issue reported on code.google.com by Sub.Atom...@gmail.com on 16 Dec 2011 at 9:13

GoogleCodeExporter commented 8 years ago 
This is a good idea - It's probably not ideal for every day use due to actually 
slowing down/halting page loads during the detection phase, but in the 
situation of being on public open wifi, a more restrictive/safe browsing method 
such as this would be valuable.

I'm starting work on this. I'm not exactly sure how involved it will be, but 
it's a good idea. Thanks for the suggestion.

Original comment by jacobsK...@gmail.com on 19 Dec 2011 at 4:30

GoogleCodeExporter commented 8 years ago 
If HTTPS is not available, a warning resembling the "This might void you 
warranty." message from about:config could be shown, with a "whitelist this 
site" checkbox, defaulting to unchecked, and a continue button.

Thank you for your responsiveness and contributing a crucial feature to my 
browser.

Original comment by Sub.Atom...@gmail.com on 21 Dec 2011 at 9:55

GoogleCodeExporter commented 8 years ago 
I've started development on this with a new branch on my Github account 
(https://github.com/kevinjacobs/HTTPS-Finder/tree/Dev_Cookies). Basically just 
adding code to be able to set the securecookie flag for any applicable cookies.

It's still very much in progress, but I'd like the ability to flag cookies for 
specific domains, something like this: http://i.imgur.com/swUoL.jpg

As with everything HTTPS Finder does, it shouldn't be considered a replacement 
for HTTPS Everywhere. Though automating things does have some benefits, we 
can't be very aggressive (or concise..) since there's the possibility of 
breaking some sites by modifying the cookies. 

Once we can reliably attempt to secure cookies, I can look into halting page 
load until HTTPS status is known.

Original comment by jacobsK...@gmail.com on 28 Dec 2011 at 8:14

GoogleCodeExporter commented 8 years ago 
I just uploaded a development build with the ability to set the securecookie 
flag for detected domains. I'm testing it right now to see if it causes any 
problems, you're welcome to try it here: 

https://code.google.com/p/https-finder/downloads/detail?name=httpsfinder081d1.xp
i

Original comment by jacobsK...@gmail.com on 29 Dec 2011 at 9:58