Open
Bug 1613063
(https-only-mode)
Opened 5 years ago
Updated 2 months ago
[meta] HTTPS Only Mode
Categories
(Core :: DOM: Security, enhancement, P3)
Core
DOM: Security
Tracking
()
ASSIGNED
People
(Reporter: ckerschb, Assigned: freddy)
References
(Depends on 52 open bugs, Blocks 1 open bug)
Details
(Keywords: meta, Whiteboard: [domsecurity-meta])
Attachments
(1 obsolete file)
Currently, if a Firefox user types foo.com in the address bar then our internal machinery establishes an HTTP connection to foo.com. Within this project we will expose a preference which allows end users to opt into an 'HTTPS Only' mode which tries to establish an HTTPS connection rather than an HTTP connection for foo.com. Further, we will upgrade all subresources within the page to load using https instead of http.
Implementation considerations:
- For top-level loads which encounter a time-out we could provide some kind of error page with a button which would allow the end user to load the requested page using http.
- For subsource loads we could fail silently and just log some info to the console.
|
Reporter | |
Updated•5 years ago
|
Assignee: nobody → jgaibler
Status: NEW → ASSIGNED
Type: defect → enhancement
Priority: -- → P3
Whiteboard: [domsecurity-active]
|
||
Comment 1•5 years ago
|
||
|
|
Reporter | |
Updated•5 years ago
|
Summary: Experimental: HTTPS Only Mode → [meta] Experimental: HTTPS Only Mode
Whiteboard: [domsecurity-active] → [domsecurity-meta]
|
||
Updated•5 years ago
|
Attachment #9126109 -
Attachment description: Bug 1613063 - Experimental: HTTPS Only Mode. r=ckerschb → Bug 1620242 - Basic implementation for HTTPS Only Mode. r=ckerschb
|
|
||
Comment 2•5 years ago
|
||
Comment on attachment 9126109 [details]
Bug 1620242 - Basic implementation for HTTPS Only Mode. r=ckerschb
Revision D62590 was moved to bug 1620242. Setting attachment 9126109 [details] to obsolete.
Attachment #9126109 -
Attachment is obsolete: true
|
|
Reporter | |
Updated•5 years ago
|
Alias: https-only-mode
|
|
Reporter | |
Updated•4 years ago
|
Blocks: https-everything
|
|
Reporter | |
Updated•4 years ago
|
Assignee: julianwels → ckerschb
|
|
Reporter | |
Updated•4 years ago
|
Depends on: https-first-mode
|
|
Reporter | |
Updated•4 years ago
|
Summary: [meta] Experimental: HTTPS Only Mode → [meta] HTTPS Only Mode
Depends on: 1709252
|
||
Updated•2 years ago
|
Severity: normal → S3
|
|
Reporter | |
Updated•2 years ago
|
Assignee: ckerschb → fbraun
|
||
Updated•1 years ago
|
Depends on: CVE-2023-6211
You need to log in
before you can comment on or make changes to this bug.
Description
•