Closed
Bug 1060546
Opened 10 years ago
Closed 4 years ago
Awesome bar autocomplete suggestions should prefer HTTPS URLs
Categories
(Firefox :: Address Bar, enhancement, P3)
Tracking
()
RESOLVED
DUPLICATE
of bug 1812192
People
(Reporter: jwatt, Unassigned)
Details
(Keywords: privacy)
If I delete all youtube.com URLs from my history except for https://www.youtube.com/ (note, http_s_), then when I enter "you" and it suggests "youtube.com" as the autocomplete it should load the stored https URL. Currently we load http://www.youtube.com/ (note, just http) and ignore the https URL from the history.
Reporter | ||
Comment 1•10 years ago
|
||
[Tracking Requested - why for this release]: We're supposed to be the browser that champions privacy, and this bug is a case where we're not doing that at all. We should fix this as soon as we can.
tracking-firefox34:
--- → ?
Updated•10 years ago
|
Comment 2•10 years ago
|
||
It should be enough that you type just once the https version and we should always suggest that. We only suggest typed entries. We tried to enforce https when it was known to history, but we got a lot of complains from users and server admins cause we can't differentiate pages for which https and http point to the same contents from the other ones. So we had to revert that change and we implemented the typed-only solution. See bug 769994 for more details and large number of comments.
Btw, why is this tracking-firefox34? it doesn't sound like a regression so I don't see why should be tracked for a very specific version.
Comment 3•10 years ago
|
||
I'm untracking for 34. I would be happy to see us figure out a way to solve this but we don't need this specifically in 34.
tracking-firefox34:
+ → ---
Comment 4•9 years ago
|
||
I have the following suggestion that ties into the original bug:
For both enhancements, I would require that we have more than one known-URL (cache entry? history entry?) for HTTPS. This should help ruling out redirects and websites that have just a place-holder or only their login form on HTTPS (a common example is https://forbes.com)
- Can we increase the frecency-score for https names in general (assuming we know they do HTTPS)?
- If I type in a term and blindly press enter, can we prefer https over http (as above, assuming known working https previously)?
Do you think this is doable, Marco?
Flags: needinfo?(mak77)
Comment 5•9 years ago
|
||
(In reply to Frederik Braun [:freddyb] from comment #4)
> For both enhancements, I would require that we have more than one known-URL
> (cache entry? history entry?) for HTTPS. This should help ruling out
> redirects and websites that have just a place-holder or only their login
> form on HTTPS (a common example is https://forbes.com)
finding the right threshold is hard, very hard. how much is more then one, is 2 enough, 10? we are very much guessing here.
> - Can we increase the frecency-score for https names in general (assuming we
> know they do HTTPS)?
We could, but we should be sure the https is effectively safe and not just a way to get higher scores. And we don't have that information at the moment.
> - If I type in a term and blindly press enter, can we prefer https over http
> (as above, assuming known working https previously)?
if you type a term and press enter, we search for the term in the current engine...
If instead we'd autofill, all of the above discussions would apply. We would like to, but we don't have a good solution that would satisfy most users.
Flags: needinfo?(mak77)
Updated•6 years ago
|
Priority: -- → P3
Updated•4 years ago
|
Blocks: https-only-mode
Comment 6•4 years ago
|
||
We are actually working on that within Bug 1658924, marking this as a duplicate.
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → DUPLICATE
Updated•1 year ago
|
No longer blocks: https-only-mode
Updated•1 year ago
|
Type: defect → enhancement
You need to log in
before you can comment on or make changes to this bug.
Description
•