[HTTPS-Everywhere] HTTPS to HTTP form submission warnings
Nick Semenkovich
nick at semenkovich.com
Wed Aug 20 11:27:15 PDT 2014
Chrome now warns about this too, per:
https://code.google.com/p/chromium/issues/detail?id=253249
Looks like it's on the beta channel (M37) which will probably hit stable in
~one month.
On Wed, Aug 20, 2014 at 1:10 PM, Richard Fussenegger, BSc <
richard at fussenegger.info> wrote:
> This topic was already raised once in the past (see https://lists.eff.org/
> pipermail/https-everywhere/2011-June/000914.html) but I'd like to discuss
> it again because it's pretty annoying and might even be disturbing to new
> users of the extension.
>
> I found that the main problem are websites that have the scheme hard coded
> on form action attributes. I therefore propose that the extension could
> parse the page and rewrite any URL pointing to the current domain that has
> the http scheme set instead of the secure one. I'm also willing to produce
> this feature but I don't know if this is even possible with an extension
> like HTTPS-Everywhere. You might be able to answer this or maybe you have
> some arguments why this would be a bad idea.
>
> Richard
> _______________________________________________
> HTTPS-Everywhere mailing list
> HTTPS-Everywhere at lists.eff.org
> https://lists.eff.org/mailman/listinfo/https-everywhere
>
--
Nick Semenkovich
Laboratory of Dr. Jeffrey I. Gordon
Medical Scientist Training Program
School of Medicine
Washington University in St. Louis
https://nick.semenkovich.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.eff.org/pipermail/https-everywhere/attachments/20140820/2351acb5/attachment.html>
More information about the HTTPS-Everywhere
mailing list