where is the Secure rule?

[practik]

Hi tumpio, I just updated from 1.14.0 to 1.15.1 (nice icon!). I read in the release notes that RC now includes a new Secure rule to upgrade HTTP requests to HTTPS, but when I checked my rules I couldn't find it. Is it not user-configurable?

I'm asking because I already use HTTPZ for the same purpose. If RC now duplicates that functionality, I would be able to uninstall HTTPZ – but only if I can whitelist a couple of hostnames that should not be upgraded to HTTPS.

[geeknik]

You have to create a new rule. Look under action where it says Secure:

Set * for the host pattern and then add any sites you don't want upgraded to the exclude pattern list under the Extra URL matchers section. Good luck!

[practik]

Aha! Thanks, geeknik – I'm on it!

[tumpio]

Yes, only a new action called "Secure" was added. It should be used instead of the redirect action to upgrade http requests to https. It sets the "upgradeToSecure" flag that tells Firefox to handle the upgrade internally (without being blocked by CORS checks). https://bugzilla.mozilla.org/show_bug.cgi?id=1149250

It likely conflicts with other add-ons that tries to modify the same request with redirection.

[practik]

Thanks, tumpio. I can confirm that it definitely conflicts with HTTPZ – just for fun I tested, and the result was endless redirection loops. But I would guess that anyone who's comfortable using RC would not run both extensions at the same time.