[HTTPS-Everywhere] HTTPS to HTTP form submission warnings
Richard Fussenegger, BSc
richard at fussenegger.info
Wed Aug 20 11:10:02 PDT 2014
This topic was already raised once in the past (see
https://lists.eff.org/pipermail/https-everywhere/2011-June/000914.html)
but I'd like to discuss it again because it's pretty annoying and might
even be disturbing to new users of the extension.
I found that the main problem are websites that have the scheme hard
coded on form action attributes. I therefore propose that the extension
could parse the page and rewrite any URL pointing to the current domain
that has the http scheme set instead of the secure one. I'm also willing
to produce this feature but I don't know if this is even possible with
an extension like HTTPS-Everywhere. You might be able to answer this or
maybe you have some arguments why this would be a bad idea.
Richard
More information about the HTTPS-Everywhere
mailing list