[HTTPS-Everywhere] Safari support

[Peter Eckersley]

Hi Scott,

We haven't submitted any bugs, and at the moment we probably don't have the
in-house resources at EFF to implement, maintain and support another port of
HTTPS Everywhere, though we're happy to work with people in the open source
community who are motivated to do those things, as we are doing with the
IE porting efforts.

In terms of the API on Safari's end, merging WebRequest from Chrome would be the
obvious way to proceed:

https://code.google.com/chrome/extensions/trunk/webRequest.html

(as an aside, there are still a few weird issues with Chrome's implementation
of that API that we're dealing with, and those are keeping the Chrome port
from being stable:

https://trac.torproject.org/projects/tor/ticket/5585
https://trac.torproject.org/projects/tor/ticket/5731
https://trac.torproject.org/projects/tor/ticket/5196
)


On Thu, May 10, 2012 at 06:10:58PM -0700, Scott Boyd wrote:
> We understand you may be experiencing some difficulties with crafting a solution for https-everywhere for Safari:
> 
> As of early 2012, the Safari extension API does not offer a way to perform secure rewriting of http requests to https. But if you happen to know a way to perform secure request rewriting in these browsers, feel free to let us know at https-everywhere at EFF.org (but note that modifying document.location or window.location in JavaScript is not secure).
> 
> I would be happy to assist you in finding whether a solution might be possible with Safari.  Have you submitted any bugs?  Any bug id would be helpful.  
> 
> Best regards,
> Scott Boyd
> Apple Product Security
> 

> _______________________________________________
> HTTPS-everywhere mailing list
> HTTPS-everywhere at mail1.eff.org
> https://mail1.eff.org/mailman/listinfo/https-everywhere


-- 
Peter Eckersley                            pde at eff.org
Technology Projects Director      Tel  +1 415 436 9333 x131
Electronic Frontier Foundation    Fax  +1 415 436 9993