Version: unspecified (using Devel) OS: Linux The EFF maintains a list of rules how to rewrite http URLs to equivalent https URLs to increase security for network connections. There is a Firefox plugin available, but it would be nice if the KDE framework would support the same mechanism as well. The rules are a set of XML files containing regular-expressions describing how to rewrite URLs. Using QRegExp, an implementation should be straight forward. It should be configurable to the user to either apply those rules every time, to be asked every time, or to disable it all together. Rule files from EFF should be shipped with KDE (more convenient) or be pulled via git from the originally repository (more up-to-date). I guess this qualifies as a junior job ... ;-) Reproducible: Always Expected Results: For example, when going to http://www.vimeo.com/log_in one should be forwarded to https://secure.vimeo.com/log_in (so it is not a simple rewrite of "http" to "https"). https://gitweb.torproject.org/https-everywhere.git/tree/HEAD:/src/chrome/content/rules
This is for Konqueror, or just in general?
Dear Bug Submitter, This bug has been in NEEDSINFO status with no change for at least 15 days. Please provide the requested information as soon as possible and set the bug status as REPORTED. Due to regular bug tracker maintenance, if the bug is still in NEEDSINFO status with no change in 30 days, the bug will be closed as RESOLVED > WORKSFORME due to lack of needed information. For more information about our bug triaging procedures please read the wiki located here: https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging If you have already provided the requested information, please set the bug status as REPORTED so that the KDE team knows that the bug is ready to be confirmed. Thank you for helping us make KDE software even better for everyone!
(In reply to Nate Graham from comment #1) > This is for Konqueror, or just in general? It should apply to all HTTP queries and may be handled on a similar level like proxy settings.
Thanks for the info.
@Volker what do you think? I'm assuming KRun isn't the best place for this though. This substitution should also happen when typing a URL in Falkon or when akregator fetches a feed, etc. right?
Certainly interesting, it could complement HSTS for hosts not supporting that yet. And yes, this is something you'd want to apply to all user-entered URLs, not limited to a specific application. I'm not so sure about all HTTP connections in general though, ie. probably something you want on top of the existing HTTP stacks, not integrated into them? Also, these rulesets seem huge, so we also have to keep an eye on the performance impact of this.
IHMO it fits quite nicely close to where settings for proxies are made, i.e. in KProtocolManager. There is already a proxyForUrl function to determine a proxy for an URL. Why not add "secureProtocolRewrite" function that, given a QUrl, returns a rewritten QUrl. For unknown/unsupported URLs, it just passes them back. The documentation would read: "Tries to rewrite a given QUrl to use a more secure protocol. Currently, only rules of 'HTTPS Everywhere', provided by the Electronic Frontier Foundation, will be used to rewrite known HTTP URLs to equivalent HTTPS URLs." As for performance, maybe a helper script can be used to pull the lastest EFF rules from GitHub and write out a C++ class containing the data hard-coded and an efficient read-only data structure for fast lookups. Both the script and the generated C++ would reside in KDE's repository, requiring to run the script only once EFF updates the rules or we redesign the hard-coded data structure. EFF's rules contain even test URLs that would allow to write automated test classes as well.