2
HTTP clients such as web browsers have been adding the http: scheme to URLs when the user enters example.com without being very specific. This will result in an request to http://example.com/.
Is it possible to make Firefox assume https: instead such that example.com gets written as https://example.com/? When explicitly asking for http://example.com/, it should not be rewritten though.
Lekensteyn
Posted 2015-04-04T16:41:05.203
Reputation: 5 236
2
Use the HTTPS by default addon: https://addons.mozilla.org/en-US/firefox/addon/https-by-default
If a scheme ("http:") is not given, the addon assumes that you want to navigate to https version of the site. If the site cannot be reached over https, Firefox's usual error page is displayed. If the site does not support https, edit the URL in the location bar, delete the "s" in https and try again.
(disclosure: I developed this addon, its source code is available at https://github.com/Rob--W/https-by-default)
Rob W
Posted 2015-04-04T16:41:05.203
Reputation: 1 473
2
Sounds like you need EFF's HTTPS Everywhere plugin. Or if you are running a server, you could serve a Strict-Transport-Security: max-age=31536000 header over HTTPS. That would force browsers to use HTTPS for that server for the next year.
Ronald Evers
Posted 2015-04-04T16:41:05.203
Reputation: 21
1HTTPS Everywhere seems to work with a whitelist, but it does not avoid having me to type
https://for new domains. I have HSTS enabled for my own domains, but it does not help with other sites. Thanks for the suggestion though! – Lekensteyn – 2015-04-05T10:54:58.463Time to recompile Firefox then. Or maybe see if the source for HTTPS Everywhere is available. Should be easy to change the whitelist lookup you mention with an "if (true)". Use the source Luke! – Ronald Evers – 2015-04-06T11:38:59.440