claustromaniac / httpz

Fat-free hardenable opportunistic encryption for Firefox
https://addons.mozilla.org/firefox/addon/httpz/
GNU General Public License v3.0

OT: alternatives to HTTPZ and HTTPS Everywhere #67

Closed rusty-snake closed 3 years ago

rusty-snake commented 3 years ago

@hushkamala

I didn't want to spam #66, so here you go.

I don't know if it will ever be fixed, including all the other problems that I found when searching for my problem. Since there's not much code or issue resolving activity for about one year.

If you want a fix now, you can do what I do. I switched from HTTPZ to Firefox's https_only_mode (HOM) for around 6 months. But then I switched away from HOM because of some early bugs (most are fixed now) and started using the secure feature from Request Control. You can import the rule below and add an exclude regex like /^http:\/\/[^/]*:(80|8080)/.

[
  {
    "uuid": "0d87357d-b53e-443a-aa15-ed289feb319f",
    "pattern": {
      "scheme": "http",
      "host": [
        "*"
      ],
      "path": [
        "*"
      ],
      "excludes": [
        "/^http:\\/\\/127\\.0\\.0\\.1(:[0-9]+)?\\//"
      ]
    },
    "action": "secure",
    "active": true,
    "redirectUrl": "",
    "title": "HTTPZ",
    "description": "Upgrade%20non-secure%20(HTTP)%20requests%20to%20secure%20(HTTPS)."
  }
]

hushkamala commented 3 years ago

Hi, so this will exclude any site with an HTTP port defined and localhost URLs. But does it try HTTPS for all others and fall back to HTTP if it doesn't work? Like HTTPZ does. If not, I would be adding new exclude rules frequently. With HTTPZ I didn't have any problem until yesterday with that one site, and then searching for my problem exposed the others, which just led me to switch to HTTPS Everywhere.

I like the idea of your suggestion and I'm gonna try it to see if I have to be adding rules. I know about HOM and didn't switch to it because of this. I don't know if it tests and falls back. I also saw other extensions with RegExp control (https://addons.mozilla.org/en-US/firefox/addon/http-to-https/) but the last version is from Jan 2019 and maybe would have the same problem of not going to HTTP when it errors out. So I went with the most used and updated one.

Thanks for your time, I will test this :)

rusty-snake commented 3 years ago

Uhh, I forgot that HTTPZ has this insecure downgrade feature (which I personally never used). No, RequestControl has no such feature AFAIK. If, for any reason, you frequently visit http-only sites it's maybe not the best for you. But if you rarely visit http-only sites you can also disable it temporarily.

hushkamala commented 3 years ago

So... I tried it and I think I'm doing this right. I ended up with this rule:

[
  {
    "uuid": "8ca1a1ee-ea8b-4d5c-8a59-c71dffb06e92",
    "pattern": {
      "scheme": "http",
      "host": [
        ""
      ],
      "path": [
        ""
      ],
      "excludes": [
        "/^http:\\/\\/[^\\/]*:(80|8080)\\//",
        "/^http:\\/\\/127\\.0\\.0\\.1(:[0-9]+)?\\//",
        "/^http:\\/\\/192\\.168\\.1\\.(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))(:[0-9]+)?\\//"
      ]
    },
    "action": "secure",
    "active": true,
    "title": "HTTPZ",
    "description": "HTTP%20to%20HTTPS"
  }
]

The rules correctly apply and exclude the IPs and the problematic URL in the extension test and in a regexp test site.

http://userupload.net:8080/d/zwdypgzxit6mtt5s4wyyvhzyjnok2sqijapjaftmw6cuv7ja6gdcyrfroeg6dlx5tlqoycuq/namehere.apk (https://userupload.net/eaoz7d4r3t7x)

The Request Control rule tester says "No Match" with this link and the above rules. But it still upgrades it to secure. If I disable Request Control it downloads normally from HTTP. With only HTTPS Everywhere enabled it also downloads fine.

Request Control, even with the exclude rules, and HTTPZ both request the link through HTTPS, resulting in an error page.

I do like the extension and thanks for your time recommending it and helping me. I saw a user filterlist from the Request Control GitHub that looks good, and even the preinstalled rules may replace my Google redirect cleaner. But I'm trying to figure this one out first.

I'm gonna try some other things, maybe some Firefox preference is doing this, but I don't believe so, because I've tried resetting them one by one with HTTPZ and nothing helped.

If you have some idea why it's doing this, or want to test the link yourself, I'd appreciate it. Thank you.
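
Added example, not part of the thread and not Request Control's own code: a simplified JavaScript model of the "secure" rule posted above, to check offline which URLs its exclude regexes actually cover. It assumes each exclude is tested against the normalised full request URL; `applySecure`, `STRICT`, `LOOSE` and the sample hosts are made up for illustration.

```javascript
// Added example, not Request Control's code. Assumption: each exclude is a
// "/body/flags" string tested against the normalised request URL, and a
// non-excluded http: URL is rewritten to https:.
const STRICT = [ // the three excludes from the rule posted above
  "/^http:\\/\\/[^\\/]*:(80|8080)\\//",
  "/^http:\\/\\/127\\.0\\.0\\.1(:[0-9]+)?\\//",
  "/^http:\\/\\/192\\.168\\.1\\.(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))(:[0-9]+)?\\//",
];
// The earlier suggestion, without the trailing "\/" after the port group.
const LOOSE = ["/^http:\\/\\/[^/]*:(80|8080)/"];

// Turn a "/body/flags" string into a RegExp object.
function toRegExp(literal) {
  const m = /^\/(.*)\/([a-z]*)$/.exec(literal);
  if (!m) throw new Error("not a regex literal: " + literal);
  return new RegExp(m[1], m[2]);
}

// Returns the URL that would be requested after the "secure" action.
function applySecure(excludes, rawUrl) {
  const url = new URL(rawUrl); // adds a missing "/" path, drops default :80
  if (url.protocol !== "http:") return url.href;
  if (excludes.some((e) => toRegExp(e).test(url.href))) return url.href;
  url.protocol = "https:";
  return url.href;
}

// Constructed sample URLs (hosts are placeholders).
const SAMPLES = [
  "http://files.example:8080/d/sample.apk",
  "http://files.example:8000/d/sample.apk",
  "http://127.0.0.1:3000",
  "http://192.168.1.20/admin",
  "http://localhost:3000/",
  "http://files.example/index.html",
];

for (const s of SAMPLES) {
  console.log(s, "->", applySecure(STRICT, s), "| loose:", applySecure(LOOSE, s));
}
```

In this model the port pattern without the trailing `\/` also exempts `:8000`, because `:80` matches as a prefix, and `localhost` by name is not covered by the `127.0.0.1` exclude.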

rusty-snake commented 3 years ago

Unfortunately it works for me. I added /^http:\/\/[^\/]*:(80|8080)\// to my rule and there was no redirect. I also tried with an empty path and host as this may not be well handled by RC. The RC icon becomes violet and shows the rewrite if RC is triggered; if this does not happen, the upgrade is done by something else. (If you use TC (temporary-containers) in automatic mode this indicator is broken.)

hushkamala commented 3 years ago

Yeah, just tried it in a clean profile and another one in a VirtualBox and it does not go to HTTPS. I do have containers enabled because of Simple Tab Groups but don't really use them; I do use the tab group management but don't set the actual tabs to any container. My VirtualBox has the same about:config preferences as my normal Firefox and it didn't trigger HTTPS. So it must be some other extension. The strange thing is that disabling Request Control fixes it. That's why I was directing my attention to it. I'm going to install extensions in VirtualBox until one breaks it.

Thanks :)

hushkamala commented 3 years ago

Installed all my extensions in a different profile one by one testing the link and nothing made it break. Even HTTPZ works (added the site to ignore list).

I cleaned my profile not even one month ago. Had to redo everything while keeping places.sqlite, formhistory.sqlite and a clean prefs.js. Running a clean profile now and everything is OK. Going to go with Request Control, hoping I don't have to add too many exceptions.

Sorry for taking your time with this, and thank you for everything.