Opened 8 years ago

Closed 8 years ago

Last modified 8 years ago

#2956 closed enhancement (fixed)

Create HTTPS-Everywhere prototype for chrome

Reported by: mikeperry
Owned by: mikeperry
Priority: Medium
Milestone:
Component: HTTPS Everywhere/EFF-HTTPS Everywhere
Version:
Severity:
Keywords: MikePerryIteration20110501
Cc:
Actual Points: 3
Parent ID:
Points: 8
Reviewer:
Sponsor:

Description

The first blocking versions of the WebRequest APIs landed in Chrome's trunk, and they allow us to redirect requests to new locations.

This means we can prototype HTTPS-Everywhere using the current Firefox rulesets and check out what the perf impact is. If results are good, it should open the door to other useful blocking APIs.


Attachments (2)

HTTPS-Everywhere.crx (195.9 KB) - added by mikeperry 8 years ago.
Prototype of HTTPS-Everywhere for Chrome. Requires experimental APIs.
HTTPS-Everywhere.2.crx (196.2 KB) - added by mikeperry 8 years ago.
Update .crx to use new request APIs.. still not enough though.


Change History (7)

comment:1 Changed 8 years ago by mikeperry

Summary: changed from "Create prototype HTTPS-Everywhere prototype for chrome" to "Create HTTPS-Everywhere prototype for chrome"

Changed 8 years ago by mikeperry

Attachment: HTTPS-Everywhere.crx added

Prototype of HTTPS-Everywhere for Chrome. Requires experimental APIs.

comment:2 Changed 8 years ago by mikeperry

Actual Points: 3
Resolution: fixed
Status: new → closed

Prototype works using the new experimental APIs. Redirect seems to function. There is an issue with properly securing cookies against a race condition, but we need the header modification APIs to stabilize a bit before we fix that.

Changed 8 years ago by mikeperry

Attachment: HTTPS-Everywhere.2.crx added

Update .crx to use new request APIs.. still not enough though.

comment:3 Changed 8 years ago by mikeperry

The new .crx removes cookies that should be secure from request headers using onBeforeSendHeaders.. However, JavaScript still has access to these cookies in document.cookie.. Bleh.

comment:4 in reply to:  3 Changed 8 years ago by mikeperry

Replying to mikeperry:

> The new .crx removes cookies that should be secure from request headers using onBeforeSendHeaders.. However, JavaScript still has access to these cookies in document.cookie.. Bleh.

https://code.google.com/p/chromium/issues/detail?id=89118
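
Added example (not code from the attached .crx or from the ticket author): a handler in the shape chrome.webRequest.onBeforeSendHeaders takes, dropping cookies that should be secure from the Cookie header of cleartext requests, as comment:3 describes. It assumes the blocking form of the webRequest API; the rule table, host and cookie names are constructed for illustration.

```javascript
// Constructed stand-in for ruleset cookie rules (hypothetical host and names).
const SECURE_COOKIE_RULES = [
  { host: /(^|\.)example\.com$/, name: /^(SID|auth_.*)$/ },
];

// True when a rule says this cookie must only travel over HTTPS.
function shouldBeSecure(host, cookieName) {
  return SECURE_COOKIE_RULES.some(
    (r) => r.host.test(host) && r.name.test(cookieName));
}

// Takes the request details object, returns a blocking response whose
// requestHeaders have the protected cookies removed.
function stripSecureCookies(details) {
  const url = new URL(details.url);
  // Only cleartext requests expose the Cookie header on the wire.
  if (url.protocol !== "http:") return {};

  const requestHeaders = [];
  for (const h of details.requestHeaders) {
    if (h.name.toLowerCase() !== "cookie") {
      requestHeaders.push(h);
      continue;
    }
    // Cookie header syntax: "name=value; name2=value2".
    // The name is everything before the first "=".
    const kept = h.value
      .split(";")
      .map((pair) => pair.trim())
      .filter((pair) => pair !== "")
      .filter((pair) => !shouldBeSecure(url.hostname, pair.split("=")[0].trim()));
    // Drop the header entirely if no cookie survives the filter.
    if (kept.length > 0) {
      requestHeaders.push({ name: h.name, value: kept.join("; ") });
    }
  }
  return { requestHeaders };
}

// Register only inside an extension; elsewhere the functions are just testable.
if (typeof chrome !== "undefined" && chrome.webRequest) {
  chrome.webRequest.onBeforeSendHeaders.addListener(
    stripSecureCookies,
    { urls: ["http://*/*"] },
    ["blocking", "requestHeaders"]);
}
```

As comment:3 notes, this only filters the outgoing header: the cookies stay in the cookie store and remain readable through document.cookie.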

comment:5 Changed 8 years ago by mikeperry

Aaron Swartz also found an issue with POSTs, apparently:
https://code.google.com/p/chromium/issues/detail?id=92882
