On first connection to a new site (typed without protocol), try https first
Categories
(Firefox :: Address Bar, enhancement, P3)
Tracking
()
Tracking | Status | |
---|---|---|
firefox40 | --- | affected |
People
(Reporter: jruderman, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: sec-want)
Comment 1•10 years ago
|
||
Comment 2•10 years ago
|
||
Comment 3•10 years ago
|
||
Updated•10 years ago
|
Comment 5•10 years ago
|
||
Comment 6•10 years ago
|
||
Comment 9•10 years ago
|
||
Comment 10•10 years ago
|
||
Reporter | ||
Comment 11•10 years ago
|
||
Comment 12•10 years ago
|
||
Comment 13•10 years ago
|
||
Comment 14•10 years ago
|
||
Comment 15•10 years ago
|
||
Comment 16•10 years ago
|
||
Comment 17•10 years ago
|
||
Comment 18•10 years ago
|
||
Comment 19•10 years ago
|
||
Comment 20•10 years ago
|
||
Comment 21•10 years ago
|
||
Comment 22•10 years ago
|
||
Comment 23•10 years ago
|
||
Comment 24•10 years ago
|
||
Comment 25•10 years ago
|
||
Comment 26•10 years ago
|
||
Comment 27•10 years ago
|
||
Comment 28•10 years ago
|
||
Comment 29•10 years ago
|
||
Comment 30•10 years ago
|
||
Comment 31•10 years ago
|
||
Comment 32•10 years ago
|
||
Comment 33•10 years ago
|
||
Comment 34•9 years ago
|
||
Reporter | ||
Comment 35•9 years ago
|
||
Updated•8 years ago
|
Updated•8 years ago
|
Updated•8 years ago
|
Comment 36•8 years ago
|
||
Comment 40•8 years ago
|
||
Comment 41•8 years ago
|
||
Comment hidden (obsolete) |
Comment hidden (obsolete) |
Comment 44•7 years ago
|
||
Comment 46•7 years ago
|
||
Comment 47•7 years ago
|
||
Comment 48•7 years ago
|
||
Comment 49•7 years ago
|
||
Comment 50•7 years ago
|
||
Comment 51•7 years ago
|
||
Comment 52•7 years ago
|
||
Comment 53•7 years ago
|
||
Comment 54•7 years ago
|
||
Updated•6 years ago
|
Comment 58•5 years ago
|
||
HI,
2 years later, is this still valid?
Making https the default without an automatic fallback to http is the best way to address this security issue. It's the right thing to do!>
We should do this when we are at a higher % of adoption. Breaking on loading a HTTP site is still unfortunately too aggressive.
It is a little bit awkward to tell people, that they have to put https:// before the domain. Because of Firefox still defaults to http://
And no, we really do not want to have anything running on port 80, only for a redirect to port 443.
Comment 59•5 years ago
|
||
According to https://letsencrypt.org/stats/#percent-pageloads we're now at 80% page loads through https.
How much longer until this security flaw is finally fixed?
Comment 61•4 years ago
|
||
I think the proposed solution nowadays is https-only mode
Comment 62•4 years ago
|
||
I think the proposed solution nowadays is https-only mode
I just installed firefox 83 and so far I'm really happy with that mode.
Thanks a lot!
Comment 63•4 years ago
|
||
Thanks for the work put into this guys, happy to see it live!
Updated•4 years ago
|
Description
•