Closed Bug 1789797 Opened 2 years ago Closed 2 years ago

Use HTTPS-first for requests from webextensions

Categories

(WebExtensions :: Request Handling, enhancement)

Product:
WebExtensions
Component:
Request Handling
Type:
enhancement

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 1797086

People

(Reporter: TheOne, Unassigned)

Details

The add-on policies require sensitive data to be sent over a secured communication channel. Unfortunately, on a technical level, we are not able to easily identify sensitive data and despite the success of Let's Encrypt, there are still websites that do not support HTTPS.

On a general level, an improvement for requests made by webextensions would be to automatically upgrade them to HTTPS if possible.

Requests that cannot be upgraded should be logged to telemetry so we can assess the extent of this issue and determine next steps after that.

Whiteboard: [design-decision-needed]

Calling this https first is not accurate and wouldn't work via webrequest

Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → WONTFIX

While HTTPS-First is not the primitive to build upon, the underlying desire for encouraging the use of https by default in extensions has its merits. I have filed a bug with a technically more feasible approach in bug 1797086, and am going to mark this as a duplicate of that.

Resolution: WONTFIX → DUPLICATE
Whiteboard: [design-decision-needed]
You need to log in before you can comment on or make changes to this bug.