35
4
For example, I type superuser.com in the browser bar of Firefox, but it automatically goes to the HTTP site. I want the HTTPS site by default.
69
Another alternative is HTTPS Everywhere. It's available for Firefox, Chrome and Safari.
Since it is developed from the collaboration between EFF and the TOR project, I tend to believe this plugin more.
It's also open source and available under GPLv3 license.
4
Unfortunately, there is a bug which breaks the web socket related live updates on SE last I checked and reported it. – Alexander O'Mara – 2016-07-17T06:54:39.557
Where is the download for safari with site only mentions chrome and FF? – 2426021684 – 2016-07-17T23:11:57.290
@2426021684 Check out the first link in my answer. You will find the links there. – Sibi – 2016-07-18T10:39:34.023
5
Please note that HTTPS Everywhere has a slightly misleading name. It's rule-based, so you need to manually "whitelist" a website to be forced to go for HTTPS instead of HTTP if they're not pre-configured with the addon. It should be named "HTTPS Everywhere Configured In the Ruleset". – Adi – 2016-07-18T15:06:41.847
17
Firefox addon "HTTPS by default" works: https://addons.mozilla.org/en-US/firefox/addon/https-by-default/?src=ss
If my memory serves me right, this is the way to go for the time being. I do remember reading somewhere about various privacy-oriented Firefox derivatives coming with this addon, such as the Tor browser. – Jarmund – 2016-07-16T16:01:52.310
1
Nice. HTTPS Everywhere doesn't work with SE at least. – DavidPostill – 2016-07-16T16:23:57.553
3
@DavidPostill HTTPS Everywhere works just fine with SE, but you might need to turn on the "Stack Exchange (partial)" rule set manually. – a CVn – 2016-07-16T20:21:06.337
While you're at it maybe post something for Chrome too? – user541686 – 2016-07-16T21:29:12.763
1
@DavidPostill That's because SE hates HTTPS on Meta ;) which should hopefully be fixed soon since CF is gone away – cat – 2016-07-17T02:57:15.210
@Mehrdad The question is specifically about Firefox, so I don't really see how Chrome would be relevant here? Though you certainly could post a separate question that asks about Chrome instead of Firefox, but in that case, please make it slightly clearer than this one... (see comment to question) – a CVn – 2016-07-17T18:29:01.697
@MichaelKjörling Do you have a pointer on how to do this (turn on the "Stack Exchange (partial)" rule set manually)? – DavidPostill – 2016-07-18T15:41:45.907
@DavidPostill "Pointer" I don't know... click the HTTPS Everywhere icon in the toolbar and make sure it isn't crossed out. – a CVn – 2016-07-18T18:00:41.020
2
Well, you can't do this automatically, there is no option in Firefox, like browser.urlbar.*, for this.
So you either use one of the browser extensions mentioned in the other answers here, or as I'd suggest (avoiding usage of browser extensions you don't really need), just make sure that you bookmark https://superuser.com instead of http://superuser.com.
Now you can just type superuser.. in the browser bar and find the right link.
You can also restrict the suggestions in the URL bar by using specific characters, for example, using * something (Asterisk) only finds matches in your bookmarks.
More examples: here
One more thing about HTTPS Everywhere: In addition to the issue with requiring predefined rules (as mentioned here in this comment), there is (or was, maybe they addressed this in the meantime) also the problem that HTTPS Everywhere saves the user preferences into the prefs.js inside your Firefox profile directory.
So you end up with a lot of user_pref("extensions.https_everywhere.SITE", BOOL); lines in your prefs.js, maybe even thousands of entries that increase the size of this file and slow down load time. Not to mention possible privacy issues.
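A way to check a profile for the prefs.js growth described in the answer above, as an added example that is not part of the original answer or of HTTPS Everywhere's code. The function names are hypothetical, the sample text is constructed, and the key layout follows the `extensions.https_everywhere.SITE` pattern quoted in the answer.

```python
import re
from collections import Counter

# Matches one prefs.js line of the form: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\("((?:[^"\\]|\\.)*)",\s*(.*)\);\s*$')

def audit_prefs(text, depth=2):
    """Group user_pref entries by the first `depth` dot-separated name parts.

    Returns {prefix: (entry_count, bytes_used)} so that a prefix holding
    thousands of per-site entries stands out.
    """
    counts, sizes = Counter(), Counter()
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comment, blank line, or anything that is not a pref
        prefix = ".".join(m.group(1).split(".")[:depth])
        counts[prefix] += 1
        sizes[prefix] += len(line.encode("utf-8")) + 1  # +1 for the newline
    return {p: (counts[p], sizes[p]) for p in counts}

def sites_with_rules(text, prefix="extensions.https_everywhere."):
    """List (key, value) pairs stored under `prefix`.

    These keys are the privacy-relevant part: they record per-site choices.
    """
    out = []
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m and m.group(1).startswith(prefix):
            out.append((m.group(1)[len(prefix):], m.group(2).strip()))
    return out

# Constructed sample, not taken from a real profile.
SAMPLE = '''\
// Mozilla User Preferences
user_pref("browser.startup.homepage", "https://superuser.com");
user_pref("extensions.https_everywhere.Stack Exchange (partial)", true);
user_pref("extensions.https_everywhere.Example Site", false);
user_pref("extensions.https_everywhere.Another Example", true);
'''

if __name__ == "__main__":
    report = audit_prefs(SAMPLE)
    for prefix, (n, size) in sorted(report.items(), key=lambda kv: -kv[1][0]):
        print(f"{n:5d} entries {size:7d} bytes  {prefix}")
    print(sites_with_rules(SAMPLE))
```

To run it against a real profile, read that profile's prefs.js into a string and pass it to `audit_prefs` in place of `SAMPLE`.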
7
https://superuser.com works for me. – DavidPostill – 2016-07-16T15:38:59.723
6
Please clarify: Are you asking for a solution for [su] specifically, or do you want all web-type requests to go over HTTPS if you don't explicitly specify HTTP as the protocol? – a CVn – 2016-07-16T20:22:00.713
2
Just curious, why would you use HTTPS on Stack Exchange? – ysap – 2016-07-17T02:01:11.040
10
@ysap Because I don't want someone to steal my credentials? See this post – cat – 2016-07-17T02:58:16.803
16
@ysap, also by using HTTPS everywhere you help others - including future you. Maybe now you don't have any reason (that you know of) to keep the connection encrypted, but maybe in the future you will have one; by using HTTPS even when "not needed", you provide plausible deniability. In the same vein, if everyone uses HTTPS everywhere, then you can use HTTPS without automatically singling yourself out. Finally, the more websites use HTTPS, the more pressure on non-HTTPS sites to update. – hmijail mourns resignees – 2016-07-17T13:32:25.547
1
@cat True, but Super User (and all of Stack Exchange) does use HTTPS for the login pages; the rest of the time sensitive areas are secured using a complicated token system. – AStopher – 2016-07-17T21:19:38.813
@cybermonkey Right but that's only 1 of the many bullet points in the post cat linked. – Insane – 2016-07-18T09:06:04.543
2
@ysap lots of reasons. a/ because you don't trust whoever is providing the network, b/ because you don't trust everyone on that network. c/ because you don't trust the whole chain of routing. Trust that: a/ they don't alter what you are receiving (adding ads, censoring words...) b/ they don't alter what you are sending (which can be bad) c/ they don't capture and reuse your credentials (very bad) d/ they don't intercept confidential information (but if confidential information is transmitted over http, you probably have bigger problems) – njzk2 – 2016-07-18T13:31:09.900
@ysap another good reason is HTTP2 – Gruber – 2016-07-18T15:19:14.803