What steps will reproduce the problem?
1. setup a firewall to block a white listed domain's http port
2. open that domain in the browser
3. session failed, rather than being redirected to https protocol

What is the expected output? What do you see instead?
redirect to https://domain

What version of the product are you using? On what operating system?
latest chrome and kbsslenforcer

Please provide any additional information below.
https redirection is extremely helpful when visiting behind gfw ;)

What steps will reproduce the problem?
1. Checking for www subdomain
2. Applying diff

What is the expected output? What do you see instead?
I load http://abc.com
I want https://www.abc.com
I get  http://abc.com

What version of the product are you using? On what operating system?
kbs: 1.0

Operating system: Linux naypalm.su 2.6.33-ck #1 SMP PREEMPT Sun Mar 28 
15:35:28 BST 2010 x86_64 AMD Phenom(tm) II X4 940 Processor AuthenticAMD 
GNU/Linux

Browser: Chromium 64bit build 5.0.369.0 (43515) (chromium-browser-bin) in 
aur.

Please provide any additional information below.
Diff provided that will fix the issue, I will commit it myself if you want 
me to contribute.

What steps will reproduce the problem?
1. Open google maps in chrome, for example maps.google.com
2. Try to zoom anywhere

What is the expected output? What do you see instead?
First of all, the google maps top left logo is not shown. Then, when trying to 
zoom, gmaps shows an error bar ontop, suggesting to switch to traditional HTML 
mode while it loads. It never finishes loading anything, and there's no zoom on 
the maps.

What version of the product are you using? On what operating system?
Latest ssl enforcer version, in Chromium 9.0.575.0 (65322) Built on Ubuntu 
10.04, running on Linux Mint 9.

Please provide any additional information below.
Also happens in maps.google.es or any other gmaps url. Everything works OK when 
I disable the sslenforcer extension.

Thanks for your time and for this great extension!

What steps will reproduce the problem?
1. Visit http://www.grc.com

What is the expected output? What do you see instead?
It should redirect to the TLS protocol, but since it gets a 301 redirect 
from https://www.grc.com to http://www.grc.com/intro.htm, it doesn't 
redirect.

What steps will reproduce the problem?
1. Redetect www.no-ip.com either through the main extension or the browser 
button
2. Visit http://www.no-ip.com/login/

What is the expected output? What do you see instead?
Redirect to https://www.no-ip.com/login/

What steps will reproduce the problem?
1.display blacklist
2.
3.

What is the expected output? 
An almost empty list
What do you see instead?
A very full list with www.google.com in it.


What version of the product are you using? On what operating system?
latest on Ubuntu


Please provide any additional information below.

I'd love if you could port this extension to Safari, if at all possible. Many 
thanks in advance!

Shrodes said:
"www.facebook.com seems to make its way onto the blacklist from the whitelist, 
without me doing anything. Is this intended?"
"Should clarify, it doesn't happen straight away, it does stay on https for a 
while, but it's swapped twice in about a week of use."

I need to narrow in on what it is that does it, to be able to comment on 
whether it should do this. By the sounds of it, I would think that it's caused 
by Facebook referring to non-SSL pages somewhere that the extension doesn't 
catch. If the extension sees too many requests to non-SSL pages, it will detect 
it as not fully supporting SSL and then blacklisting the site.

I'll try to find where it happens, but any help would be appreciated.

This is a very useful extension, but it has enough side effects that I only 
want to use it in specific circumstances (eg. open wifi at a coffee shop). 
Right now I can only enable/disable it from the extensions admin screen. It 
would be very useful to have the ability to do so more easily accessible via a 
toolbar icon or some other method.

What steps will reproduce the problem?
1. Turn on KB SSL Enforcer
2. Try to Use Google Maps
3. Fail

What is the expected output? What do you see instead?
Instead of maps.google.com working as expected, it will be slow to the point of 
being unusable, disabling KB SSL Enforcer makes it work immediately.

What version of the product are you using? On what operating system?
Latest version, in Google Chrome, on Windows 7 Home Premium 64 bit

Please provide any additional information below.

What is the expected output? What do you see instead?
Upon viewing the whitelist or blacklist, it would be useful to see a button 
that says 'Empty List' that would empty the list. This is mostly useful for the 
blacklist if you want to re-detect all sites.

What version of the product are you using? On what operating system?
1.0.13 on Chrome 6.0.472.63

Please provide any additional information below.

The browser button is now in a separate extension, so it's possible to use the 
main extension without the browser button for the people that don't want it.

But this button should be included in the main extension as an optional feature 
as soon as Chrome supports it. The feature request for this option in Chrome is 
here:
https://code.google.com/p/chromium/issues/detail?id=57824

I saw the discussion on the Chrome Extension website where you said it could be 
seen in developer mode, but it's not the most user friendly method. Please 
consider this in the options dialog. Thanks!

If you log into a site via HTTPS, this extension should block non-HTTPS cookies 
from being transmitted. Otherwise, the session is as good as compromised (e.g. 
Facebook).

This may be impossible if the extension must visit a page before redirecting.

What steps will reproduce the problem?
1.Use the "send to" twitter link in google reader or goto webpage and use 
Shareaholic chrome extension
2.Opens the twitter page but the tweet doesn't show
3.Other "send to" or use Shareaholic to post to other social networks work

What is the expected output? What do you see instead?

Should shorten the url and input the tweet into the tweet box waiting for user 
to hit enter
What version of the product are you using? On what operating system?

KB SSL Enforcer - Version: 1.0.11 - Chrome 6.0.472.36 beta - Vista SP2 32bit

Please provide any additional information below.
Only seems to be a problem with the "send to" twitter or Shareaholic chrome 
extension for twitter, other networks are working fine like facebook, 
stumbleupon and digg.

What steps will reproduce the problem?
1. Using a dark theme like "Late Night"

---
What happens: 

The icon image is black with a transparent background to the icon rendering it 
invisible on dark/black themes.

Attached is an image demonstrating the issue

What steps will reproduce the problem?
1.Whitelist any site. (ex. computerworld.com)
2.Type in computerworld.com into url bar press enter

What is the expected output? What do you see instead?
The webpage http://computerworld.com get hit before KB SSL Enforcer(best plugin 
ever) changes it to https. I would like to see KB SSL Enforcer catch that we 
are going to a site on the whitelist and to automagically direct me to the 
https as if thats what i typed in the first place. Then it would be more secure 
and less stress for servers.

What version of the product are you using? On what operating system?
1.0.13 on Arch Linux

What steps will reproduce the problem?
1. Visit the web site scottevest.com
2. Notice that it does not appear correctly (compare to another browser or 
without SSL extension enabled).

What is the expected output? What do you see instead?
Notice that much of the page content is missing, including all of the pricing 
and purchase functionality.

What version of the product are you using? On what operating system?
1.0.12 of the KB SSL Enforced extension.  Current version of Chrome on 64-bit 
Windows 7 Pro.

Please provide any additional information below.

We All know that orkut has https but this extension doesnt take me to the https 
version it takes me to the usual http page instead!!

What steps will reproduce the problem?
1.When trying to switch between https://www.google.com and http it fails to 
switch.
2. Added www.google.com to the Blacklist and it will not allow me to access the 
http version by clicking on the "Go to classic Google." link.

What is the expected output? What do you see instead?
Expected to allow me to switch to http
Instead it redirects to the the https version.

What version of the product are you using? On what operating system?
Windows 7
Chrome dev version 8.0.552.23
SSL Enforcer 1.0.13

Please provide any additional information below.

What steps will reproduce the problem?
1.goto https://design.canonical.com
2.click a link: https://design.canonical.com/2010/09/getting-physical/
3.404

What is the expected output? What do you see instead?
Probably a issue with the site design not the KB SSL extension but should 
redirect to http

What version of the product are you using? On what operating system?
1.0.12 Vista 32bit

Please provide any additional information below.
This is less an issues as it is a feature request!  Maybe have some way to auto 
blacklist and redirect to http for a domain that has this effect?

It's impossible to create a perfect list of SSL capable sites, but it's at 
least possible to create a big list of some of the most used ones. I'll 
welcome any suggestions for inclusions in the official feed here.

FYI, i've chosen not to include Facebook in the official list, since it's 
disabling the chat when using SSL. So i suggest people add it to their own 
lists, so they're aware of the problem.

What steps will reproduce the problem?
1. Try and visit http://www.codeproject.com/KB/cs/MEFIntroduction.aspx in 
Chrome
2. You will get sent to 
https://www.codeproject.com/KB/cs/MEFIntroduction.aspx becuase of kb ssl 
enforcer
3. Get error from Chrome: "The site's security certificate is not trusted!"
4. Obviously there is a problem with codeproject's certificate but in the 
meantime it would be nice if you removed it from the list, or at least do so 
when just accessing articles that don't require auth

Since the auto-detection is potentially a bit intrusive, i'd like to get 
some feedback from people that have used it.

It will be helpful and nice if there was an option to add a site to a 
black/white list through context menus (similarly to how AdBlock does it). Will 
streamline the use of the extension.

Thanks.

The wording for the blacklist and whitelist isn't too clear. I'd like to either 
change the wording or at least have a good explanation for what they mean. I'm 
open to suggestions for what to call it or for how to explain it.

Do you support LinkedIN.com?

Installed the extension and works on most other websites with SSL but not 
LinkedIN.

Thought you'd like to know.

What steps will reproduce the problem?
1. go to Facebook homepage, KSE (KB SSL Enforcer) redirect you to HTTPS Facebook
2. go to Facebook's privacy settings, no HTTPS available, normal (HTTP) page is 
diplay
3. return to Facebook homepage, no HTTPS anymore  :(

What is the expected output? What do you see instead?
HTTPS should re-check even if already white/blacklisted

What version of the product are you using? On what operating system?
KB SSL Enforcer - Version : 1.0.19
KB SSL Enforcer Browser Button - Version : 0.0.4
Adblock Plus for Google Chrome™ (Beta) - Version : 1.0.26

Chrome 9
Windows 7

Please provide any additional information below.
Thanks for your work, but I still think there shouldn't be (white/black) lists, 
SSL should be check everytime.

Thanks in advance from France.

What steps will reproduce the problem?
1. Visit a website
2. The website does not have a https domain
3. The website is auto-blacklisted
4. The website creates an https site (unknown to user)
5. Because of the previous blacklist, the new https site is never detected 
without user intervention

What is the expected output? What do you see instead?
Feature request: After x days, the auto-blacklisted site will be automatically 
removed from the blacklist to be re-detected again. This would enhance the 
possible security increase from this extension, and prevent errors from sites 
that are tricky to detect (I've seen google.com auto-blacklisted when there is 
a https site, but this is another issue I will look into)

This would require new columns where the sites are stored of
1. the date the site was blacklisted
2. if it was set manually or automatically
It would also require a function to trim the list down if any auto-blacklisted 
sites > x days are detected

What version of the product are you using? On what operating system?
1.0.13 on Chrome 6.0.472.63 

Install this:

https://chrome.google.com/extensions/detail/mblbciejcodpealifnhfjbdlkedplodp

Chrome 466 dev version on Windows XP

Please check, thanks!

After having added a site to the white- or blacklist, I can't remove it again. 
I'd like to be able to do that.

What version of the product are you using? On what operating system?
Version 1.0.10 on Google Chrome 5.0.375.126
Mac OS X.6.4

It would be nice with e.g. an icon in the address bar, to give easier access to 
whitelisting, blacklisting and redetecting sites.

What steps will reproduce the problem?
1. go to http://www.tradoria.de
2. you get redirected to https://www.tradoria.de
3. some pictures don’t load correctly in the SSL version, so blacklist 
www.tradoria.de
4. go to http://www.tradoria.de
5. you get redirected to https://tradoria.de  (I don't understand why I must 
say)
6. blacklist tradoria.de
7. in the Background.html => Local Storage, “tradoria.de” has _replaced_ 
“www.tradoria.de”
8. re-blacklist “www.tradoria.de”, and it replaces “tradoria.de”

Both tradoria.de and www.tradoria.de should be blacklisted, instead of only one.

I use KB SSL Enforcer 1.0.8 and Chrome 5.0.375.99 (current stable release) on 
Mac OS X 10.6.4

I only tested it throughly with tradoria.de, but I had the same problem with at 
least 2 or 3 other websites. This problem only happen when I want to blacklist 
with AND without "www".

What steps will reproduce the problem?
1. Visit website supporting https but not offering as default.
2. Visit website when having internet connection issues.

What is the expected output? What do you see instead?
When website visited for first time, rule is created in whitelist. It seems, 
that when website is accessed when I'm having Internet connection issues and 
Chrome cannot access https version, it tries http version and moves website to 
blacklist? Most often I notice this when using Facebook and encrypted Google 
search.

I think better is not to move from whitelist to blacklist, unless user 
explicitly says he wants to move from whitelist to blacklist.

What version of the product are you using? On what operating system?
Windows 7 64bit, Chrome 8.0.552.224, SSL Enforcer 1.0.18.

Neither blacklisting nor whitelisting solves the problem, but when I disable 
kbssl the page loads correctly.

Using kbssl 1.0.13 for chrome on os x.

Hi, I use the Kate Spade design -- 
https://tools.google.com/chrome/intl/de/themes/theme_at_katespade.html -- in my 
Chrome 7.0.517.44.

Unfortunately the KB SSL toolbar button (version 0.0.3) is nearly invisible: 
black letters against a very dark brown background.

Suggest that instead of the button background being transparent, it be changed 
to white.

Cheers, and please keep up the good work,

What steps will reproduce the problem?
1. Go to http://en.wikipedia.org/wiki/Main_Page

What is the expected output? What do you see instead?
It would be nice to be redirected to the SSL site:
https://secure.wikimedia.org/wikipedia/en/wiki/Main_Page


This isn't done automatically because the SSL site is on a different domain.

I can't see this being possible to detect automatically in any way. But it 
could be made possible to do manually or maybe through a maintained list.

Feedback is welcome.

I would like to see, once Issue 13 becomes a reality, an option that if a site 
has only HTTP then we can send them an email (webmaster@site, admin@site) from 
our email address (place to insert smtp settings or something) with an 
automated (changeable) message, such as "I am a regular visitor of your site 
but would like to request a HTTPS version of the site thanks".

Possible to use a right click menu to blacklist/whitelist?  This would make 
things much easier and convenient!  See here 
http://blog.chromium.org/2010/08/new-in-google-chrome-beta-more.html  
Great extension! Thanks

The original report from grantdb was: "some times it works some times it 
doesn't, an example page is http://www.cnn.com/ on this page it gets the "main 
extension did not respond" msg and the options link in the toobar button leads 
to a blank tab page.  All updated to latest versions.  Let me know if you need 
any more info."

I was able to reproduce this after having Chrome open for a long time. It 
seemed that the main extension didn't work at all, even though it was still 
listed under extensions and it was set as enabled.

I restarted Chrome and then it worked. So that might be a good temporary 
workaround when it happens.

But since restarting Chrome, I haven't been able to get it to break again. Any 
information on when this happens and how to reproduce it would be appreciated. 

What steps will reproduce the problem?
1.Access youtube.com while kbssl is enabled
2.not having cleared cookies/cache after disabling kbssl
3.not sure what else is causing it

What is the expected output? What do you see instead?
while having kbssl, youtube videos will not load, it will simply display "an 
error occurred, try again later".

To fix this I have had to disable kbssl, and then clear all browser data 
/history, cookies, cache.

then the videos work again.

however once kbssl is on, the videos fail to load

I have try'd to add youtube.com and www.youtube.com to blacklist and this still 
doesn't work, I beleive because youtube videos are downloaded from sub-domains 
e.g. s20.youtube.com etc..

A really weird thing though is, on demand channels e.g. 4od, demandFive etc all 
work,,, its just normal youtube uploaded videos that do not work

What version of the product are you using? On what operating system?
latest chrome, and chromium over win7 and ubuntu

Please provide any additional information below.
I have tried having kbssl not function in incogneto, and use that, but for some 
reason it still effects it and prevents it from working

What steps will reproduce the problem?
1.goto ex. http://twitpic.com 
2.file starts to download "download.gz"
3.Blank page with http address in current browser page

What is the expected output? What do you see instead?
https://twitpic.com or default back to http://twitpic.com

What version of the product are you using? On what operating system?
KB SSL Enforcer - Version: 1.0.11 - Chrome 6.0.472.36 beta - Vista 32bit SP2

Please provide any additional information below.
Couple of sites so far have done this. Now do I blacklist these? Shouldn't this 
extension just fall back to http automatically?

Today you have to specify each subdomain instead of being able to specify a 
wildcard.

It would be nice to have an option to disable all unencrypted requests and 
therefore enforce encryption on everything.

This is only really useful in situations where you can live without sites that 
don't support encryption and if you would really like to avoid using any 
unencrypted sites at all.

It's only really possible once issue 25 is implemented.

I suggest calling this the paranoia feature, in lack of a better description so 
far. Suggestions for names and feedback on the idea is very welcome.

What steps will reproduce the problem?
1. Go to the settings page
2. Try to introduce an URL and click on whitelist or blacklist

What is the expected output? What do you see instead?
I expect to see something happen, like a list of the URLs with the last added, 
but seems like nothing is done.

What version of the product are you using? On what operating system?
i'm using this extension with Chromium 6.0.428.0 (49031) in ubuntu 10.04, 64 
bits.

Now this is #1 on my list and should be on everyones. I would like to see this 
plugin www.cs.cmu.edu/~perspectives/firefox.html implemented in KB SSL 
Enforcer. In addition I would like to see the URL bar turn colors (green for 
payed signed cert, blue for self signed legit cert, red for no https, etc) and 
remove that HTTPS with a dash through that chrome does. Also, if there is a 
site with no HTTP (see Issue 26) then URL bar should turn red or some other 
"this is not encrypted" color and pop up a status bar/message/something that 
reminds us that our data is going over in clear text.

Some sites have links to the non-SSL pages, even when you're on the SSL 
pages. This extension could change the links of a page, to refer to the SSL 
pages if available.

What steps will reproduce the problem?
1.Shopify.com, create an account
2.app.shopify.com and *.myshopify.com logins support https: but the images and 
css files (plus other assets for the page) come from a content delivery network 
that does not support https
3.the page doesn't load quickly because of the lengthy timeouts and the result 
is a loaded page with no formatting, images, etc. 

What is the expected output? What do you see instead?
If interior asset urls pull from other sites that do not support https, KB SSL 
should not error out on these items, but instead pull them from their original 
source url. At least give the option via popup that some assets on this page 
will not be loaded and ask if user wants to login without ssl encryption.

What version of the product are you using? On what operating system?
1.0.18, Snow Leopard/Mac 10.6.5, Chromium build 67404

Please provide any additional information below.
I suspect many sites that pull assets from akamai and other content delivery 
networks will have this issue. Great extension and very valuable but need to 
sort out this fairly common issue.

It would be nice to have an import/export button for the blacklist and the 
whitelist.

In addition, it would be nice to purge each list separately.

What steps will reproduce the problem?
1. Enable KB, try to go to Google Maps, get redirected to encrypted Google
2.
3.

What is the expected output? What do you see instead?

Expect whitelist to work for maps.

What version of the product are you using? On what operating system?

Current version on Chrome w/ Win7 Ultimate x64

Please provide any additional information below.