https-by-default icon indicating copy to clipboard operation
https-by-default copied to clipboard
verified publisher icon Rob--W

HTTPS for third-party domains

Open jgmoss opened this issue 9 years ago • 3 comments

Does this add-on convert third-party domains to HTTPS as well? For instance, if I visit a site and calls are made to another domain, are those requests also HTTPS?

jgmoss avatar May 17 '16 02:05 jgmoss

At the moment, the add-on only changes the default in the location bar. Nothing else is modified, but I've previously expressed interest in forcing everything to be https unless stated otherwise (that might break some websites though, so I haven't implemented it yet).

The good news is that http in https sites can be blocked. Active content such as scripts are blocked by default, images are enabled by default but you can also block them.

Go to about:config, search for mixed_content, and make sure that the following are set to true:

security.mixed_content.block_active_content
security.mixed_content.block_display_content

In Chrome, mixed content is

Rob--W avatar May 17 '16 09:05 Rob--W

+1 for an ext that redirects to HTTPS if available - and to HTTP if not availabe - of any url.

EC-O-DE avatar Nov 07 '17 03:11 EC-O-DE

+1 for an ext that redirects to HTTPS if available - and to HTTP if not availabe - of any url.

Smart HTTPS (revived) might be what you are looking for.

fmarier avatar Nov 24 '17 18:11 fmarier