-
Notifications
You must be signed in to change notification settings - Fork 1.3k
HTTPS-Only Mode #16952
Comments
This functionality was already introduced in desktop 83 and we want to start gathering all the dependencies needed for the feature. cc: @vesta0 |
@saschanaz I think we could close the other ones are they are feature requests, this is an user story issue and it will be used for creating all the UI/UX and engineering tasks :) |
This needs error page work as well. We need to figure out a way to provide the escape hatch button to http. Need to sort out how the error page will work with PWAs. Need to think about how the escape hatch persistence will work with things like private browsing. |
really needed feature |
As bug in Gecko view was already closed, it should be a priority. |
EFF has announced that HTTPS Everywhere is expected to reach its EOL by the end of 2021. HTTPS-Only Mode on Fenix could be a preferred alternatives to HTTPS Everywhere EASE mode to enforce HTTPS secure connections only and block HTTP connections on insecure mobile networks. I sincerely hope this feature can be prioritized. Related: EFForg/https-everywhere#20048 cc @zoracon |
@brampitoyo just to let you know that this is something that we want to add UI on Fenix and Focus, could you help us with the designs ? cc @amedyne |
@Amejia481 @amedyne I would say that Focus should go HTTPS-Only by default, without showing any UI. This way, our users will get automatic browsing security without any hassle. But I wonder whether there’s any side effect to this decision? I’d love to hear your feedback. I will bring this up in the next UI Catchup meeting with @channingcarter, as well. |
It's already on by default in Focus (or Fenix in private mode as well as in the desktop Firefox in private mode) and not having an UI already causes issues in Focus: mozilla-mobile/focus-android#5199 |
@brampitoyo as @cadeyrn mentioned Focus and Fenix are already using HTTPS-Only mode (in private browsing) by default without UI and the only side effect that we are experiencing is mozilla-mobile/focus-android#5199 as @cadeyrn mentioned, without the UI users don't have a way indicate that they want to proceed to navigate to HTTP sites in edge cases like mozilla-mobile/focus-android#5199. |
@brampitoyo desktop has provided options for users to change the default values. You can refer to them here. We can discuss further what we can do for Focus (and Fenix). |
@amedyne For Fenix, I think we can safely implement the same UI as desktop: with identical explanation, radio buttons, and exceptions list. (Let’s consult @betsymi at Content Design first, though!) Do you know what desktop’s default value is? On Fenix, I feel pretty safe toggling As for Focus, it’s clear that this feature should be toggled What will need more thinking is whether Focus should also ship with an exceptions list. I lean towards a “no”, so Focus stays slim and doesn’t maintain yet another list. If a site doesn’t work properly on a secondary browser like Focus, opening it on a primary browser like Firefox is an option. |
It's disabled by default on desktop: https://searchfox.org/mozilla-central/rev/fdd13237fcff2692404313b731a4ee0cba9e8ecb/modules/libpref/init/StaticPrefList.yaml#3075-3080 |
This is parity-chrome as of Chrome 94. HTTPS Everywhere is also being retired: https://www.eff.org/deeplinks/2021/09/https-actually-everywhere |
Just for reference we need the same engineering tasks as the focus counterpart mozilla-mobile/focus-android#5365 (comment) |
Just a suggestion..instead of adding this on the main setting menu which will increase the list..why not add a sub menu under privacy and security called "network security", inside this you can add https only mode and DNS server like cloudflare/nextdns/custom like desktop variant ..., majority of chromium browser has this setting..maybe it can be added in future but yes submenu will create a placeholder |
Default will be disabled with users having the possibility to enable this from a new setting in the `Privacy and security` section. If enabled then by default this force https for all tabs with the option for users to switch to forcing https only on private tabs.
Pending refactoring following the addition of a new setting, work to be done in #24495
Verified as fixed on the latest Nightly 100.0a1 (2022-03-30) build.
|
User Story
Dependencies
Acceptance Criteria
The https-only error page may appear if there is another error encountered even if the target redirected to a
https
page - https://bugzilla.mozilla.org/show_bug.cgi?id=1759114┆Issue is synchronized with this Jira Task
The text was updated successfully, but these errors were encountered: