cwilper / http-nowhere Goto Github PK
View Code? Open in Web Editor NEWA browser extension to block unencrypted web traffic for added security.
Home Page: https://rx4g.com/http-nowhere/
A browser extension to block unencrypted web traffic for added security.
Home Page: https://rx4g.com/http-nowhere/
I have allowed "*.local:80/" for development. Works as expected. However, the assets (images, external JS, and external CSS) are not being redirected to HTTPS endpoints.
Link, script, and img elements (more specifically their href/src attributes) have no protocol defined ( i.e. "//example.com" vs "http://example.com") so they should be fetched using the same protocol as the parent window, in this case HTTP. I would expect that the extension detects those request and auto-redirects (Auto-Redirect is selected in preferences). However, in the Firebug Net tab, I see asset requests that never complete ...even to the allowed domain.
http://netdna.bootstrapcdn.com/bootstrap/3.1.0/css/bootstrap.min.css
http://cdnjs.cloudflare.com/ajax/libs/handlebars.js/1.3.0/handlebars.min.js
http://my.devapp.local/css/style.css
When a host is blocked, a menu item appears in 'Recently Blocked'. You allow it.
Then another subhost appears. You allow it, etc. Then you decide, ok, I'll edit the rule to *.domain to allow all hosts. I guess this is what that rule editing dialog is for at this moment. Editing the rule would not have to be necessary (could become optional), when an extra menu item would be added to the left or right, 'Allow all subdomains'.
You could decide to make it fancy by giving extra options in the case of many sub-sub domains, or choose to only care about *.domainname.tld ('enough for most people').
It would be nice to have a clickable button in the toolbar, that toggles the enabled state. It's easy to do (Firefox):
<toolbarbutton
id="httpNowhere-button"
class="httpNowhere-button"
type="menu-button"
label="HTTP Nowhere"
title="HTTP Nowhere"
image="chrome://http-nowhere/skin/httpNowhere-button-enabled.png"
badgeLabel=""
status="disabled"
oncommand="httpNowhere.toggleEnabled();">
...
Thanks
when i enable addon with unchecked auto redirect option
still that force me to go https of url website if its not on the my allowed url
so that dont show me address in recently blocked https but also force me go to https
i am on firefox 25
also not bad if add option even that block all traffic even https except trusted https
When typing a url without a scheme, this attempts to browse to "http" and thus fails.
When HTTP Nowhere is turned on, the browser should assume that URLs without a scheme are HTTPS.
The General preferences currently require that if blocking is enabled, URLs from at least one host must be remembered in the Recently Blocked list. Allow this to be set to zero, for privacy.
When first using HTTP Nowhere, no connection was allowed since I configured Firefox to request the validity of each certificate via OCSP before accepting connections. (Firefox 34: Preferences > Advanced > Certificates > [X] Query OCSP responder servers to confirm the current validity of certificates.)
After manually adding the rule "ocsp.:/*" to allowed HTTP URL's, it worked as expected.
Would it be possible to add this rule (or a list of the OCSP servers of the trusted CA's) per default to the allowed HTTP URL's? New users might find that pleasing.
(By the way: great plug-in, much appreciated!)
Edit: I had OCSP/OSCP wrong. It's of course "OCSP" ;-)
I'd like to see an option to attempt to rewrite all URLs to https URLs, which would slightly increase the number of sites accessible with the plugin enabled, since some sites serve the same content under https as they do on http... but have all their links pointing to the unsecure version.
Great addon, very happy about it, also about all visual information.
Issue found:
hi can you make tool bar icon like other addon(no script,ad-block plus..)?
as you see in below screen shot icon of http nowhere not In a direction
of other icon.also when click in a icon it pressed like button
but it better that work like other addon icon when click on it icon dont changed or pressed.
thank you very mucj
http://photoload.ru/data/e0/93/df/e093df942e8897d696b001b30eb98160.png
Sometimes, when you need to quickly look something up, there is no time available to evaluate everything before browsing. In such a situation a person would want to temporarily disable HTTP Nowhere. At this moment this is possible, but it also disables the long list of ignored URL's, while they would still be very useful to at least have some level of security. So it would be good if it would be possible to temporarily disable blocking while retaining the use of the carefully selected ignore list(s).
It would be nice if the sorting in the allow/ignore lists is done, from right to left, per dot. So first sort by .com, then by domainname, then by subdomain. This will allow groups of subdomain hosts to be grouped together. Now they are scattered throughout the list, making correcting a mistake quite a task.
When adding an allow or ignore rule in the HTTP(S) rule list(s), it would be nice if the event generating website could reload automatically, so you could see the result of your action immediately. Now reloading the site has to be done by hand each time.
Visit http://test-ipv6.com/ and allow all from IPv6 address from Recently Blocked menu to reproduce.
Error: Too many colons in host:port.
the certificate presented by the server at https://rx4g.com/http-nowhere/ has expired
Checkout https://github.com/letsencrypt/letsencrypt for a free DV certificate
I am using Firefox and I have the checkbox "Always try HTTPS instead of blocking" checked.
After starting Firefox and e.g. pasting an http://... URL into the address bar, it works the first few times and I am redirected to the appropriate https://... URL.
However, shortly afterwards, this stops working.
After pasting the http://... URL and pressing enter, nothing happens.
I have to insert the missing "s" after "http" myself to reach the site(s) I want.
This behavior also applies to http://... links on sites I am browsing.
First it works a few times, then either nothing happens on click, or when I choose "Open link in a new tab" I only get a "New Tab" tab with the http://... link target in the address bar and an empty site below it.
In both cases the sites I am trying to access show up in the "Recently blocked" list, so yes, they appear to have been blocked (instead of redirected to HTTPS).
I only discovered this otherwise awesome Addon today, so I unfortunately cannot tell whether HTTPS redirection was working in the past or with an older version of Firefox than 44.0.1.
Yellow badge is too bright. To make it less distracting, change background color to gray and foreground color to white.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.