search

palant / enforceencryption

DEPRECATED: Browser extension providing a way manage Strict Transport Security - a built-in browser feature that determines whether encrypted connection is enforced for a website.
Mozilla Public License 2.0
10 stars 5 forks source link

WebExtensions platform #13

Open ruv opened 7 years ago

ruv commented 7 years ago

Do you plan to move on the WebExtensions API?

For the moment, Enforce Encryption 1.0.7 is marked as "legacy" in Firefox 56 and it is disabled in Firefox 57.

Note: In Firefox version 57, in release on November 14, 2017, only extensions built with this new technology will work in Firefox.

palant commented 7 years ago

Porting was blocked on https://bugzilla.mozilla.org/show_bug.cgi?id=1368527. With that bug resolved in Firefox 57, my port might actually be working in Firefox now - I need to test it again and see whether there are more issues.

palant commented 7 years ago

No luck. Determining current state works correctly now but actually enforcing encryption doesn't. I filed https://bugzilla.mozilla.org/show_bug.cgi?id=1418275 on that.

palant commented 6 years ago

I pushed my current state, currently it only works in Chrome however. The Firefox bug will hopefully be fixed soon.

palant commented 6 years ago

https://bugzilla.mozilla.org/show_bug.cgi?id=1418275 is fixed but it doesn't quite do for us - we set headers on a cached request which doesn't work. I created https://bugzilla.mozilla.org/show_bug.cgi?id=1431043 on the new issue.

In the meantime, I guess that we can continue here. Hitting the network whenever users want to enforce encryption is suboptimal but it is better than nothing. We can have this code dependent on the browser and still produce a cached request in Chrome.