Opened 6 years ago

Closed 5 years ago

#10033 closed enhancement (fixed)

Make it easy for users to add a hostname to the ruleset in Firefox

Reported by: realityexists
Owned by: pde
Priority: High
Milestone:
Component: HTTPS Everywhere/EFF-HTTPS Everywhere
Version: HTTPS-E 3.2.2
Severity:
Keywords:
Cc:
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:


There are some hostnames which I always want to access using HTTPS and they're not part of the HTTPS-E ruleset. I'd like the ability to *easily* add them. I'm not suggesting a complete GUI for editing all aspects of rulesets. If it was merely possible to rewrite "*" to "*" I think that would cover at least 90% of real-world scenarios (certainly all of mine).

The current process for doing this seems to be intended for developers, rather than users. tells me I need to:

1) Learn the HTTPS-E XML format
2) Know JavaScript regular expressions

or alternatively

1) Install Python
2) Install git and check out the HTTPS-E repository
3) Find the make-trivial-rule Python script there

In addition to that, I need to find where this ruleset file is actually stored. The page mentions it for Firefox, but not for Chrome.

I could do all that, but it seems easier to just type "https://", so I don't bother. If HTTPS-E could *easily* do this it would be significantly more useful.

Child Tickets

#3763 | enhancement | closed | pde | allow changing local rules without restarting Firefox

Change History (9)

comment:1 Changed 6 years ago by cypherpunks

As a possible step in the right direction:
this within https-e would make it a lot easier for users to contribute.
As long as it properly detects that we already have rules for the page, even though it might be disabled due to bugs.

comment:2 Changed 6 years ago by zyan

Priority: normal → major
Summary: Make it easy for users to add a hostname to the ruleset → Make it easy for users to add a hostname to the ruleset in Firefox

Someone has added a way to do this in Chrome, but not Firefox. I'm changing the title and bumping the priority.

comment:3 Changed 6 years ago by realityexists

I use Chrome, but don't see the easy way.

comment:4 Changed 6 years ago by realityexists

... so I'd appreciate it if someone could point out what that "easy way" is.

comment:5 Changed 6 years ago by zyan

It's not in the latest Chrome release; it will be in the next one.

comment:6 Changed 5 years ago by jsha

This is now in Chrome stable releases.

comment:7 Changed 5 years ago by realityexists

It seems to be working nicely in 2014.11.25. Thanks!

comment:8 Changed 5 years ago by cypherpunks

The following is from the NoScript FAQ:

Q: Can NoScript force some sites to always use HTTPS?

A: Yes, just open NoScript Options|Advanced|HTTPS|Behavior, entering the sites you want to force in the topmost box, and those you want to always leave alone in the bottom one.

You can use space-separated simple strings, which will be matched as "starts with...", glob patterns like * and full-fledged regular expressions.

If, for instance, you want HTTPS to be forced on every Google application excluding Search and iGoogle, you can put * in the "Force" box and in the "Never" box.

The latter can be of course rewritten as a https?:www\.google\.com/(?:search|ig)\b.* regular expression.

To force HTTPS over a website's base domain and all its subdomains, type in the "Force" box. This forces HTTPS for,, and

Since NoScript is installed by default in the Tor Browser Bundle, this seems like a useful method for most users.

HTTPS Finder requires installing a separate (possibly untrusted) add-on, but I use it and it works well (I'm not the user who originally recommended it, however). It contains options to automatically force HTTPS if a site supports it, and options to automatically secure cookies. There are possible privacy implications, though, since it autodetects HTTPS support by trying to make a secure connection for every visited website.

comment:9 Changed 5 years ago by cypherpunks

Resolution: fixed
Status: new → closed

I'm marking this bug as closed, since there's no new activity and the requested feature already exists. If someone disagrees, feel free to reopen.

However, lack of knowledge about this feature seems to me like a separate bug. Maybe someone should add information about forcing HTTPS to the FAQ, or somewhere else in the Tor Browser documentation.
