duckduckgo-privacy-extension
duckduckgo-privacy-extension copied to clipboard
duckduckgo
Breaks HTTP-only websites
Description
HTTP-only websites are irreversibly rewritten to HTTPS and thus not visitable with this extension enabled.
Steps to Reproduce
- Go to http://y20k.org/escapepod/
- Disable this extension and try again
Expected behavior: The website stays at http and works, or there is at least an option to visit the insecure original.
Actual behavior:
It is rewritten to HTTPS and there is an error:
See also https://github.com/y20k/escapepod/issues/43
Sometimes it also loads for a long time without any further info.
It works when the extension is disabled or in incognito mode
Versions
- Extension: 2020.7.22
- Browser: Firefox
- OS: KDE Neon
Additional Information
Always happens, same problem for http://jadn.com/cc/
This happens to me a bunch with with http links in emails.
Weirdly it doesn't happen all the time.
Took forever to track it back to this extension.
yeah for me in firefox, it stuck forever when website is http, and i have to manually change to https to load, or disable the extension.
how can we solve this?
Both of these examples are working fine for me in firefox with the extension enabled. Are you still having issues, or do you have more examples of this issue?
Yes, it happen frequently to me, I have no idea what could be, but when a site have http and https, and some link send to http site, firefox (linux ubuntu last version) keep loading forever, and i have to change to https and it loads well.
If you can provide us with links whenever you see such an issue that would be a great help. I can then pass the URLs to our Smarter Encryption team (which generates the list of domains to upgrade for this extension as well as HTTPs Everywhere) to check. If you don't want to post the links on a public forum like this, you can also chose 'Report broken site' from the extension menu to report them to us privately.
Example from clicking on an email from GMail (running in Wavebox) that opens in Chrome.
http://links.bringatrailer.com/u/click?_t=6f9b96f87cd64db48f53cab98f02b568&_m=1b21531d5d39435882e5d743d2ccada0&_e=GrSpsvJfHxOX6GXHW0mU8rfDqTLNPbNtltYY2aVWahgyV8BDyVtYjajK1d1BP3YRrZ5or1CAWKupCg9ohvCe18LdVAZkr7yK-36jxGrvAoe9g2oxU3wWyH7hSWXUPZUiTqMsrsBbMqk85I8VZ-wD7V6yqKZIag-l5MSPrghynPYaSkiw8OJrzANHk4SthwYC5mFJ0mlsDI7nTgj6Izrt5tImjj8lVbxTyOXbCu-FmuL2ohnBxYbmXTwVNcl3JDbscsM_pDrNcldIWmOympmyhN7FDt_XHnlGZbP_88CiaZQ%3D
The Privacy Extension tries to change it to https resulting in:
If you can provide us with links whenever you see such an issue that would be a great help. I can then pass the URLs to our Smarter Encryption team (which generates the list of domains to upgrade for this extension as well as HTTPs Everywhere) to check. If you don't want to post the links on a public forum like this, you can also chose 'Report broken site' from the extension menu to report them to us privately.
Hi, it happens to me whenever a website provides HTTPS but is visited through HTTP. For example, visiting https://ipfsgate.com/ works perfectly fine, but if I visit http://ipfsgate.com/ instead, the browser loads the tab forever without ever redirecting to HTTPS. This issue has been in the extension and bugging me for months. I would like to draw your attention back to figure something out.
Hi, it happens to me whenever a website provides HTTPS but is visited through HTTP. For example, visiting https://ipfsgate.com/ works perfectly fine, but if I visit http://ipfsgate.com/ instead, the browser loads the tab forever without ever redirecting to HTTPS. This issue has been in the extension and bugging me for months. I would like to draw your attention back to figure something out.
yeah, this is a good example, i try to access to the website that you shown, and the site stuck forever in http
Hey folks! I tried those steps:
- Open Firefox 92 with our lastest extension 2021.9.2
- Click on the http://ipfsgate.com/ link above
What I see is that request is upgraded to HTTPS by our extension and website loads w/o any issues.
Can you consistently reproduce it? Can you tell what's happening when webiste is not loading? e.g. is it switching from HTTP to HTTPS and back in a loop? Are you both on Firefox and on Linux?
Hey folks! I tried those steps:
1. Open Firefox 92 with our lastest extension 2021.9.2 2. Click on the http://ipfsgate.com/ link aboveWhat I see is that request is upgraded to HTTPS by our extension and website loads w/o any issues.
Can you consistently reproduce it? Can you tell what's happening when webiste is not loading? e.g. is it switching from HTTP to HTTPS and back in a loop? Are you both on Firefox and on Linux?
Hi! As soon I see this message, I tryed to load that web, and still happens the same issue... BUT.. I thought maybe the problem could be some conflict with another extension, so, I disable the "HTTPS Everywhere Extension" (without reloading Firefox) and the problem still there, but after restart only Firefox, (with HTTPS Everywhere disabled) the problem was gone.. good! so, I try to check if that was the problem and I enable again the HTTPS Everywhere extension, and no problem :/... even restarting Firefox, with all my extensions, the problem is gone, It is like "the host/domain or website is remembered" .. I don't know.. but it is some kind of advance.
I can also confirm that reproduction is very inconsistent... I tried loading the website today, and it successfully redirected me.
Thank you both for checking.
I thought that maybe Firefox itself caches information that http://ipfsgate.com/ is available over HTTPS, but http://ipfsgate.com/ doesn't have a HSTS header and I tried reproducing with empty browser cache with no luck.
It might be a conflict with HTTPS Everywhere extension (although, again, I wasn't able to reproduce :( ). Note that HTTPS Everywhere is using our dataset, so there is no reason to use both extensions.
Sorry this is happening, please let me know if you'll find any new leads.
Thanks for your reply!, I removed the HTTPS Everywhere, for the reason you mentioned. So, I'll keep alert for any issue. thanks again!
I don't believe it's a conflict with HTTPS Everywhere as I didn't install it when I experienced failure to redirect.
Thanks for your reply!, I removed the HTTPS Everywhere, for the reason you mentioned. So, I'll keep alert for any issue. thanks again!
Are you using any browser preference tweaks by any chance? I thought that might have something to do.
I think it does have something to do with site cache, or something else site-specific that is causing the problem.
I have just stumbled across another site that failed to redirect, even though http://ipfsgate.com/ is now redirecting correctly. Could you try http://transloc.com/? And just to make sure it wasn't something else messing with it, I restarted the browser and the problem persisted.
And to make double sure that it does have something to do with the extension, I disabled it while the website is still stuck loading, and the site immediately loaded without having to refresh after I disabled the extension.
It's most likely not just the extension's fault, I will investigate the possibility of conflicts with about:config tweaks
Thanks for investigating @howyay ! I tried transloc.com and again, couldn't reproduce :( Extension logs say only this:
HTTPS Service: Requesting information for transloc.com (cbcc4ad1b4fee4f47ddf9e99fcc48d172389e5e2). HTTPS Service: transloc.com is upgradable HTTPS: upgrade request url to https://transloc.com/
So it looks like everything is OK. I'll ask other folks to test those two sites and see if anyone can reproduce.