search

claustromaniac / httpz

Fat-free hardenable opportunistic encryption for Firefox
https://addons.mozilla.org/firefox/addon/httpz/
GNU General Public License v3.0
62 stars 5 forks source link

Opening multiple HTTP sites from bookmarks library causes HTTPZ to fail #10

Closed Gitoffthelawn closed 5 years ago

Gitoffthelawn commented 5 years ago

STR:

  1. Open the native bookmarks library in Mozilla Firefox 66.0.3
  2. Search for "http://"
  3. Multi-select 10-20 http URLs
  4. Right-click a url, and select "Open in tabs" to open all the selected bookmarks.
  5. Notice that some tabs that fail on HTTPS don't get reverted to HTTP by HTTPZ. HTTPZ works fine on those sites when opened individually.
claustromaniac commented 5 years ago

0.7.0b should fix this. Please, let me know if that is not the case.

Gitoffthelawn commented 5 years ago

Thanks! I'll give it a spin. AMO show a "last updated" date of a few hours ago, but still only lists 0.6.2. Can you put it up on AMO, if it's not already being processed there?

claustromaniac commented 5 years ago

Unfortunately, AMO doesn't have functionality for uploading pre-releases there. Every version I upload there is considered the latest stable version, meaning it gets auto-installed on people's profiles (which could be bad).

The XPI attached to the latest release here passed the automated tests and was signed by Mozilla, though. So, it comes from AMO. You just have to install it manually (cog in about:addons -> Install Add-on From File...).

Just in case you're wondering, Firefox stable rejects installing unsigned extensions, so if you can install an extension at all, it is because it was signed.

Gitoffthelawn commented 5 years ago

You promise the xpi is the same as the source? ;)

Well, you gotta trust someone sometime, and I've known and trusted you for a long time. :)

claustromaniac commented 5 years ago

Why, thank you for trusting me :smile_cat:, but trust is not really necessary. The xpi is just a zip file, and I'm not using code minifiers or anything like that, so you can actually extract it and read its contents on your own. The code for the 0.7.0b version is in the overhaul branch, if you want to compare.

Gitoffthelawn commented 5 years ago

That's where it is! I was looking for it.

Where does Firefox search for updates to extensions added manually?

I'm not seeing anything in the manifest.

claustromaniac commented 5 years ago

I didn't set it up to update from a custom origin, if that's what you're asking. Beta releases update from AMO just like normal releases. When I release 0.7.0 (stable) on AMO, you won't have to install that version manually.

Gitoffthelawn commented 5 years ago

Thanks. So FF sees id: httpz@cm.org in the manifest, thereby knowing it's actually HTTPZ on AMO, and gets updates from AMO automatically?

claustromaniac commented 5 years ago

Yup. They have that, and the signature inside the xpi. By the way, what I said before about uploading to AMO isn't exactly accurate in that the source code for the beta releases is on AMO too, since I had to upload it for them to run their automated tests and sign it. It just isn't public (there).