[HTTPS-Everywhere] Question not found on FAQ
Seth David Schoen
schoen at eff.org
Fri Oct 8 12:47:56 PDT 2010
David A. Gershman writes:
> Hello,
>
> I'm not sure if this is apropos to 'https-everywhere', but on a page
> where https is not supported (at least in part, like Twitter.com) how
> can we can a list of requests that were made *not* in https so that we
> can research possible work arounds?
If you do Page Info (Ctrl+I) and then look at the Media tab, you can
see the list of resources that were used to make up the current page,
and you can see whether they are in HTTPS or not. In some cases
we've been able to use this to get rid of mixed content warnings by
writing more elaborate rewrite rules.
This should be done for _every_ rule that ever generates a mixed content
warning, but it's a lot of effort and it's not always possible to get
rid of the warning without more help from the site operators. We need
to do more outreach to site operators to get them to fix these problems
themselves.
> Also, any chance of a "block non-https requests" feature so that if
> 'https everywhere' can't make the switch for whatever reason, we can
> just *not* make the request?
I agree that that would be useful. Do you mean on a per-site basis or
globally? You can do it globally with a personal firewall rule and
you can do it on a per-site basis with the Page Info trick above (by
writing rules that point into file: or chrome: instead of http: for
resources that turn out not to be available in https:). Neither of
these is very convenient, though.
--
Seth Schoen
Senior Staff Technologist schoen at eff.org
Electronic Frontier Foundation https://www.eff.org/
454 Shotwell Street, San Francisco, CA 94110 +1 415 436 9333 x107
More information about the HTTPS-everywhere
mailing list