Location bar: When both the HTTP and HTTPS version of a page have been visited, default to HTTPS

NEW
Unassigned

Status

()

Firefox
Address Bar
5 years ago
20 days ago

People

(Reporter: Dan Wolff, Unassigned)

Tracking

({sec-want})

24 Branch
sec-want
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

5 years ago
Nowadays more websites provide both an HTTP and an HTTPS version of their website. When I have visited both, and both work (no timeout errors, invalid certificate etc.), Firefox should default to the HTTPS version.

Steps to reproduce:
0. Clear history and bookmarks (or start with a new profile)
1. Go to https://en.wikipedia.org/
2. Go to http://en.wikipedia.org/
3. Enter 'en.wikipedia.org' in the location bar and hit enter

Actual results:
The HTTP version of the site

Expected results:
The HTTPS version of the site


Note: It doesn't matter which version you visit first.

Comment 1

5 years ago
I think it's by design since FF24, see bug 769994.
Flags: needinfo?(mak77)
(Reporter)

Comment 2

5 years ago
Alright. So what I was looking for in this bug was basically Tanvi's 'Proposal 1' [1], which requires marking pages in the history with an error flag.

I filed another proposal in bug 902582, which shouldn't require any changes to the history database, but still improves the situation.
As filed, we cannot implement this, for the same reason we stopped doing that in FF24
I don't understand bug 902582, it should already happen, but we don't autocompete if you also type the trailing "/".
Regardless, while on the paper it's easy to think of better and complex algorithms to achieve the wanted results, practically it's very hard to implement them to be responsive enough while the user is typing. Basically anything over simple queries will be too much slow.
Flags: needinfo?(mak77)
(Reporter)

Comment 4

5 years ago
I tried to explain bug 902582 further - in that bug.

My intention with keeping this bug open was that any work on a more complex algorithm (such as Tanvi's 'Proposal 1') could happen here. If that's unlikely to happen any time soon, please feel free to close this bug.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Keywords: sec-want
Using Firefox 50.0.2, I have accessed both URLs
- http://192.168.1.254/ and 
- https://192.168.1.254/ 
So both URLs are stored in my browser's history.

When I start entering "192" into the location bar, the http version of the URL is suggested first "192.168.1.254/ - Visit". So entering "192" and pressing return sends me to the http URL.

I abhor this behavior. I don't like it at all. I believe that the https version of the URL should be preferred, always. 

I know that somehow this behavior is purportedly "by design", as indicated in comment #1. This comment points to bug 769994, however, bug 769994 has attracted quite a lot of comments and I admit that I've only read the top comments. Frankly, I don't understand why this behavior has to be the way it is.

Anyway, times have changed. A lot of web servers today offer secure access and I believe autocomplete ("visit" entry, first suggestion) should always prefer the secure version of the same domain by design.

Updated

11 months ago
See Also: → bug 1341350

Updated

20 days ago
See Also: → bug 1426934
You need to log in before you can comment on or make changes to this bug.