Open Bug 1844742 Opened 1 year ago Updated 1 year ago

Expose HTTPS-First in Settings

Categories

(Core :: DOM: Security, enhancement)

Product:
Core
Component:
DOM: Security
Type:
enhancement

Tracking

()

Status:
ASSIGNED

People

(Reporter: mjurgens, Assigned: mjurgens)

References

(Blocks 1 open bug)

Details

(Whiteboard: [domsecurity-active])

Attachments

(2 files)

Screenshot_20230721_104558.png
(deleted), image/png
Details
WIP: Bug 1844742: Expand HTTPS-Only settings to include HTTPS-First and Schemeless Upgrades r?freddyb
(deleted), text/x-phabricator-request
Details
Attached image Screenshot_20230721_104558.png (deleted) —

Since HTTPS-First is already enabled by default in Private Browsing, it would only make sense to let the user have some more control over it in the settings. Currently, this is only possible via about:config.

There also still is the open terminology question about how "HTTPS-First" should be called for the user. Having both "HTTPS-Only" and "HTTPS-First", which do two very similar things could be confusing. So we could consider calling both "HTTPS-Only", and only have a checkbox which allows you to enable or disable "silent fallbacks to HTTP", which would correspond to HTTPS-First. I have attached an experimental implementation of how this could look like, but keep in mind that this is just an early exploration of how these settings could look like. This implementation would also have the downside that the user could not enable HTTPS-First everywhere and HTTPS-Only in PBM.

Severity: -- → N/A
Whiteboard: [domsecurity-active]
Attachment #9345025 - Attachment description: WIP: Bug 1844742: Experimental https-only fallback checkbox → WIP: Bug 1844742: Expand HTTPS-Only settings to include HTTPS-First and Schemeless Upgrades r?freddyb
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: