Add strict HTTPS setting, blocking HTTP requests #7356
Labels
priority: 1 - middle
Issues which should be done at some point, but aren't that important.
Comments
The-Compiler
added
the
priority: 1 - middle
|
Another idea from https://www.reddit.com/r/qutebrowser/comments/w9x6be/https_everywhere_feature_in_qutebrowser/ is to keep connecting via HTTP (except probably for schemeless navigations, see #6880), but display a warning prompt before continuing. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Inspired by #335, but more strict, and also probably easier to implement.
For a very basic implementation, any HTTP request (minus localhost I guess) could simply be redirected to the corresponding HTTPS page. If that request fails, the user would need to manually disable that setting, perhaps even per-domain.
A more sophisticated implementation would catch the error scenario (though not sure how easily this will be possible after the redirect...) and display some kind of confirmation page or prompt in qutebrowser, where the decision still can be overridden. Not sure to what degree we can do that, though.
Also see #6880.
The text was updated successfully, but these errors were encountered: