Feature request: Ability to prevent connection going through HTTP (clearnet only)

[za3ter2p]

Add (Optional) plugin or browser option to lock the connection over TLS rather than falling into the http insecure connection on the clearnet if the website support both connections (http/https).

e.g of plugin doing same effect is HTTPS-Everywhere:

https://www.eff.org/https-everywhere

[hrj]

This is a good idea which has been on my mind for some time. Thanks for raising the issue.

The rough outline of how I expect this feature to work:

• When user explicitly types a URL with protocol in it, we respect it.
• When user types a partial URL without protocol, we assume https, rather than http.
• When user clicks a link with http we don't directly navigate to it, but show a screen that allows the user to switch to https or continue with http.
• Note that: for resource requests from a page (such as images, etc), the request manager already has support for blocking insecure requests.

PRs welcome.

I am currently focussed on improving the layout engine.