cwilper / http-nowhere Goto Github PK

I have allowed "*.local:80/" for development. Works as expected. However, the assets (images, external JS, and external CSS) are not being redirected to HTTPS endpoints.

Link, script, and img elements (more specifically their href/src attributes) have no protocol defined ( i.e. "//example.com" vs "http://example.com") so they should be fetched using the same protocol as the parent window, in this case HTTP. I would expect that the extension detects those request and auto-redirects (Auto-Redirect is selected in preferences). However, in the Firebug Net tab, I see asset requests that never complete ...even to the allowed domain.

http://netdna.bootstrapcdn.com/bootstrap/3.1.0/css/bootstrap.min.css
http://cdnjs.cloudflare.com/ajax/libs/handlebars.js/1.3.0/handlebars.min.js
http://my.devapp.local/css/style.css

When a host is blocked, a menu item appears in 'Recently Blocked'. You allow it.
Then another subhost appears. You allow it, etc. Then you decide, ok, I'll edit the rule to *.domain to allow all hosts. I guess this is what that rule editing dialog is for at this moment. Editing the rule would not have to be necessary (could become optional), when an extra menu item would be added to the left or right, 'Allow all subdomains'.

You could decide to make it fancy by giving extra options in the case of many sub-sub domains, or choose to only care about *.domainname.tld ('enough for most people').

It would be nice to have a clickable button in the toolbar, that toggles the enabled state. It's easy to do (Firefox):

<toolbarbutton
id="httpNowhere-button"
class="httpNowhere-button"
type="menu-button"
label="HTTP Nowhere"
title="HTTP Nowhere"
image="chrome://http-nowhere/skin/httpNowhere-button-enabled.png"
badgeLabel=""
status="disabled"
oncommand="httpNowhere.toggleEnabled();">
...

Thanks

when i enable addon with unchecked auto redirect option
still that force me to go https of url website if its not on the my allowed url
so that dont show me address in recently blocked https but also force me go to https
i am on firefox 25
also not bad if add option even that block all traffic even https except trusted https

When typing a url without a scheme, this attempts to browse to "http" and thus fails.

When HTTP Nowhere is turned on, the browser should assume that URLs without a scheme are HTTPS.

The General preferences currently require that if blocking is enabled, URLs from at least one host must be remembered in the Recently Blocked list. Allow this to be set to zero, for privacy.

When first using HTTP Nowhere, no connection was allowed since I configured Firefox to request the validity of each certificate via OCSP before accepting connections. (Firefox 34: Preferences > Advanced > Certificates > [X] Query OCSP responder servers to confirm the current validity of certificates.)

After manually adding the rule "ocsp.:/*" to allowed HTTP URL's, it worked as expected.

Would it be possible to add this rule (or a list of the OCSP servers of the trusted CA's) per default to the allowed HTTP URL's? New users might find that pleasing.

(By the way: great plug-in, much appreciated!)

Edit: I had OCSP/OSCP wrong. It's of course "OCSP" ;-)

I'd like to see an option to attempt to rewrite all URLs to https URLs, which would slightly increase the number of sites accessible with the plugin enabled, since some sites serve the same content under https as they do on http... but have all their links pointing to the unsecure version.

Great addon, very happy about it, also about all visual information.

Issue found:

• Quite too often I am automatically redirected to HTTPS, and I get nowhere (as advertised?) because the target host hasn't setup HTTPS properly, or doesn't grant me access. This is OK as long as I can add a rule to prevent this in the future, the only option I currently have is to disable HTTP Nowhere, to bypass this quite often occurring problem. So, I would be very happy if I would have a checkbox in the General Options menu, to also be able to add HTTPS allow and ignore rules (and to also block HTTPS by default, for added security).
  The menu list item(s) would then have to be changed from 'Recently blocked' to 'Recently blocked HTTP' and 'Recently blocked HTTPS'.
  Again, very happy about the work you put into this add-on, and a very big thank you in advance if this is also possible.

hi can you make tool bar icon like other addon(no script,ad-block plus..)?
as you see in below screen shot icon of http nowhere not In a direction
of other icon.also when click in a icon it pressed like button
but it better that work like other addon icon when click on it icon dont changed or pressed.
thank you very mucj

http://photoload.ru/data/e0/93/df/e093df942e8897d696b001b30eb98160.png

Sometimes, when you need to quickly look something up, there is no time available to evaluate everything before browsing. In such a situation a person would want to temporarily disable HTTP Nowhere. At this moment this is possible, but it also disables the long list of ignored URL's, while they would still be very useful to at least have some level of security. So it would be good if it would be possible to temporarily disable blocking while retaining the use of the carefully selected ignore list(s).

It would be nice if the sorting in the allow/ignore lists is done, from right to left, per dot. So first sort by .com, then by domainname, then by subdomain. This will allow groups of subdomain hosts to be grouped together. Now they are scattered throughout the list, making correcting a mistake quite a task.

When adding an allow or ignore rule in the HTTP(S) rule list(s), it would be nice if the event generating website could reload automatically, so you could see the result of your action immediately. Now reloading the site has to be done by hand each time.

Visit http://test-ipv6.com/ and allow all from IPv6 address from Recently Blocked menu to reproduce.
Error: Too many colons in host:port.

the certificate presented by the server at https://rx4g.com/http-nowhere/ has expired

Checkout https://github.com/letsencrypt/letsencrypt for a free DV certificate

I am using Firefox and I have the checkbox "Always try HTTPS instead of blocking" checked.

After starting Firefox and e.g. pasting an http://... URL into the address bar, it works the first few times and I am redirected to the appropriate https://... URL.

However, shortly afterwards, this stops working.
After pasting the http://... URL and pressing enter, nothing happens.
I have to insert the missing "s" after "http" myself to reach the site(s) I want.

This behavior also applies to http://... links on sites I am browsing.
First it works a few times, then either nothing happens on click, or when I choose "Open link in a new tab" I only get a "New Tab" tab with the http://... link target in the address bar and an empty site below it.

In both cases the sites I am trying to access show up in the "Recently blocked" list, so yes, they appear to have been blocked (instead of redirected to HTTPS).

I only discovered this otherwise awesome Addon today, so I unfortunately cannot tell whether HTTPS redirection was working in the past or with an older version of Firefox than 44.0.1.

Yellow badge is too bright. To make it less distracting, change background color to gray and foreground color to white.