Open
Bug 1613063
(https-only-mode)
Opened 1 year ago
Updated 12 days ago
[meta] HTTPS Only Mode
Categories
(Core :: DOM: Security, enhancement, P3)
Core
DOM: Security
Tracking
()
ASSIGNED
People
(Reporter: ckerschb, Assigned: ckerschb)
References
(Depends on 30 open bugs, Blocks 2 open bugs)
Details
(Keywords: meta, Whiteboard: [domsecurity-meta])
Attachments
(1 obsolete file)
Currently, if a Firefox user types foo.com in the address bar then our internal machinery establishes an HTTP connection to foo.com. Within this project we will expose a preference which allows end users to opt into an 'HTTPS Only' mode which tries to establish an HTTPS connection rather than an HTTP connection for foo.com. Further, we will upgrade all subresources within the page to load using https instead of http.
Implementation considerations:
- For top-level loads which encounter a time-out we could provide some kind of error page with a button which would allow the end user to load the requested page using http.
- For subsource loads we could fail silently and just log some info to the console.
|
Assignee | |
Updated•1 year ago
|
Assignee: nobody → jgaibler
Status: NEW → ASSIGNED
Type: defect → enhancement
Priority: -- → P3
Whiteboard: [domsecurity-active]
|
||
Comment 1•1 year ago
|
||
|
|
Assignee | |
Updated•1 year ago
|
Summary: Experimental: HTTPS Only Mode → [meta] Experimental: HTTPS Only Mode
Whiteboard: [domsecurity-active] → [domsecurity-meta]
Keywords: meta
|
||
Updated•1 year ago
|
Attachment #9126109 -
Attachment description: Bug 1613063 - Experimental: HTTPS Only Mode. r=ckerschb → Bug 1620242 - Basic implementation for HTTPS Only Mode. r=ckerschb
|
|
||
Comment 2•1 year ago
|
||
Comment on attachment 9126109 [details]
Bug 1620242 - Basic implementation for HTTPS Only Mode. r=ckerschb
Revision D62590 was moved to bug 1620242. Setting attachment 9126109 [details] to obsolete.
Attachment #9126109 -
Attachment is obsolete: true
|
|
Assignee | |
Updated•1 year ago
|
Alias: https-only-mode
Depends on: 1663148
|
|
Assignee | |
Updated•8 months ago
|
Blocks: https-everything
|
|
Assignee | |
Updated•3 months ago
|
Assignee: julianwels → ckerschb
|
|
Assignee | |
Updated•2 months ago
|
Depends on: https-first-mode
|
|
Assignee | |
Updated•2 months ago
|
Summary: [meta] Experimental: HTTPS Only Mode → [meta] HTTPS Only Mode
You need to log in
before you can comment on or make changes to this bug.
Description
•