Don't mix insecure links in awsomebar results when user started with 'https://'

UNCONFIRMED
Unassigned

Status

()

Firefox
Security
UNCONFIRMED
7 years ago
6 years ago

People

(Reporter: mayhemer, Unassigned)

Tracking

Trunk
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

7 years ago
When going to a secured version of a page user has to specify 'https://' explicitly at the start of the URL, unless the page redirects to secure protocol automatically.

There are sites that have both http and https access.

I have in history, that awesomebar suggests from, also links to http URL that pop up when I type e.g. 'https://mysite' to the address bar.  If I see a link to "mysite.com/some-very-long-url-I-visit-often/" in the results, I click it to save typing and go where I want - here awesome bar does a great job.  

However, the protocol this way drops to http, if I ever were on that URL not securely, even though I have specified I want to go there now securely.

Not sure this is a valid use case or we have to do something about it, but it bothers me.

As a solution I would suggest to either don't show insecure links or convert them to secure.
> or convert them to secure.
I don't think automatic conversion is possible, but it sounds reasonable excluding insecure links from suggests.

Comment 2

6 years ago
I agree - if the user has typed "https://", the awesome bar should definitely NOT suggest and autocorrect to http:// URLs!
You need to log in before you can comment on or make changes to this bug.