Https-everywhere: Blocking non-encrypted traffic not working in FF
I just got Version "2017.8.15" in FF55 (64Bit) on Win10 and the checkbox to block all non-encrypted traffic does not work at all. It does not get saved and no http-content is blocked.
Also, how can I enable/disable rules with this new interface?
foobar13373
All 25 comments
HTTPSNowhere
on 16 Aug 2017
Exactly the same issue in Chrome. It worked perfect few days ago.
aemixdp
on 17 Aug 2017
i can also confirm this issue on chrome. very strange
gripedthumbtacks
on 18 Aug 2017
I'm not experiencing this behavior on Firefox 55 or the latest Chromium. Are you still seeing this on >= 2017.8.17?
Hainish
on 19 Aug 2017
@Hainish
With your latest changes regarding the localStorage, this is also working for me in the currently running browser session. This means:
The checkbox state is saved between browser starts, but the functionality only works if one dis- and re-enables the checkbox after a browser restart (which comes from clearing the storage on exit, I assume).
foobar13373
on 20 Aug 2017
I was seeing unencrypted requests succeeding with 2017.8.19 on Firefox-55.0.2 until I unchecked, and then came back and checked the setting again. Before doing that, the icon was also not red, as it was previously, but after that process, it is red again.
ansell
on 21 Aug 2017
@foobar13373 glad to hear the latest changes fixed this issue, unless I'm misunderstanding. Feel free to close if this is no longer an issue.
Hainish
on 22 Aug 2017
@Hainish I think you've missed this part
but the functionality only works if one dis- and re-enables the checkbox after a browser restart (which comes from clearing the storage on exit, I assume).
which is not how addon was working before for me - the flag, icon state and functionality state were consistently being saved and restored after I've closed browser and opened it again.
It would be really cool if you can not worry about re-enabling it every time you open the browser. :)
Can we get that behavior back again? Is it blocked by something?
ivan-kolmychek
on 29 Aug 2017
right, this is actually now a SECURITY ISSUE. for instance, you close your browser on a secure network, then move to another network that is hostile, open the saved browser and all your traffic and cookies potentially leak over HTTP without protection. same bug also confirmed in chrome version of extension
gripedthumbtacks
on 29 Aug 2017
opened #12190 to track wider issue
gripedthumbtacks
on 29 Aug 2017
could potentially fix this security bug by simply changing
pref("extensions.https_everywhere.http_nowhere.enabled", false);
to
pref("extensions.https_everywhere.http_nowhere.enabled", true);
in
src/defaults/preferences/preferences.js
and making it more secure by default, requiring users to downgrade to the less secure option if they choose
gripedthumbtacks
on 29 Aug 2017
Can someone give me specific steps to reproduce this error? The description given is not reproducing this for me, but it may be that I'm not following the exact same workflow.
Hainish
on 30 Aug 2017
@DtpEJsaYXDU4GDH8dE4MyI9VrieF0UZpPZ0K76K this will not work. The WebExtension has no access to the old preferences that the legacy XPCOM extension drew from.
Hainish
on 30 Aug 2017
This issue started about two weeks ago in both Firefox and chrome. To reproduce, here are some potential steps.
Install extension
Enable no http mode
Close browser
Reopen browser. Notice that the setting is disabled (icon is blue), even if the option appears enabled. Enabled icon color is red when one.
Try chrome as well.
gripedthumbtacks
on 30 Aug 2017
Can reproduce. It becomes red for a split second before being changed to blue. Something seems to disable HTTPS-only mode.
ghost
on 30 Aug 2017
I am seeing the same behaviour as @DtpEJsaYXDU4GDH8dE4MyI9VrieF0UZpPZ0K76K My workaround above of disabling and re-enabling doesn't seem to be persisted across Firefox executions. When starting up Firefox, the icon is blue (I haven't noticed it flickering from red to blue myself), but the checkbox beside "Block all unencrypted requests" is checked, which matches the expected preference since it was checked on the previous Firefox execution.
ansell
on 30 Aug 2017
I have been experiencing the exact same behavior described by @ansell in Chrome.
jimmycuadra
on 30 Aug 2017
I was waiting to hear more on this issue but this looks like an exact duplicate of https://github.com/EFForg/https-everywhere/issues/10478.
Bisaloo
on 30 Aug 2017
This behavior is not observed in Firefox 52.3.0 but interestingly is observed in 55.0.1. Possible Firefox regression? Looking into this further now.
Hainish
on 30 Aug 2017
Doubt it could only be a regression in firefox if this issue ALSO affects chrome.
gripedthumbtacks
on 30 Aug 2017
This stems from a race condition between the setting of the storage object in https://github.com/EFForg/https-everywhere/blob/04b4e1df08543be683655c67652b8d337d61daf7/chromium/storage.js#L5 and the retrieval of background.js stored global variables in https://github.com/EFForg/https-everywhere/blob/04b4e1df08543be683655c67652b8d337d61daf7/chromium/background.js#L70-L79. https://github.com/EFForg/https-everywhere/pull/12268 fixes this.
Hainish
on 30 Aug 2017
I can make a release tomorrow with this change.
Hainish
on 30 Aug 2017
Works for me now, thank you @Hainish.
ivan-kolmychek
on 1 Sep 2017
It's good to update release in FF addons now. Who does that, by the way?
matryoshkababushka
on 2 Sep 2017
@CrackHD @Hainish does.
ghost
on 3 Sep 2017
Related issues
cschanaj
路
3Comments
margre8
路
3Comments
anonsubmitter
路
5Comments
cschanaj
路
4Comments
J0WI
路
3Comments
Most helpful comment
I can make a release tomorrow with this change.