Greasy Fork镜像

Doesn't work
http://dev.jeffersonscher.com/resolution.html
http://www.corelangs.com/js/string/length.html

If the site doesn't support HTTPS, then this script doesn't fix that. Both those sites do not support HTTPS.

This userscript is only for sites that support HTTPS, but for some reason or another does not force HTTPS. I'll update the userscript description to make this clearer.

hmm.Thank's for the reply.I know js and it seems that the script doesn't have anything that can check when an website supports https or not, but okay.

How's your script better than the browser extensions HTTPS Everywhere or smart https?

Could you improve the script to check an try to load all of the links inside a page to use https too?

I personally believe that you should change
// @match http://apache.org/*
TO
// @match *

Then your script will run on any website

No, the intention is to only force sites that you know supports HTTPS to use HTTPS all the time. Some sites like apache.org will default to using HTTP.

You can modify the script to use * if you use a decent userscript manager. I know ViolentMonkey and FireMonkey allows you to do this. I haven't tested GreaseMonkey or TamperMonkey. The reason I chose a manual approach is for the same reason you posted this review. You don't know which sites support HTTPS natively and you'll get a "Secure Connection" failed notice in your browser for those that don't or an infinite redirect loop, which is bad in both cases.

As for your question, HTTPS Everywhere is bloated and relies on a manual rules list that they maintain. If you prefer using an addon with no manual whitelisting, then use HTTPZ or Smart HTTPS. However, I noticed that HTTPZ leaks memory sometimes. My userscript is more lightweight than all the above though.

As you said, I believed that your script doesn't work, because the script didn't work on
http://dev.jeffersonscher.com/resolution.html
http://www.corelangs.com/js/string/length.html
And I believe that I should "Get a "Secure Connection" failed notice on my browser for these websites or get an infinite redirect loop", but nothing happened.

Yes,I know that your script is much more lightweighted than any browser extension, but these extensions can also analyze and try to convert links that are loaded within the website (like iframes) to https, if they are http links.

Can you/will you add this function to your script one day?

I've always heard about good things about the extension HTTPS Everywhere, because websites say that this extension protects against hackers/attacks, not only because the extension makes every website load on https, but also for some other security reason that I don't remember, but I'm not sure if this is true since I can't remember.

Do you think/know if the browser extensions HTTPS Everywhere or the Smart HTTPS, have/does something (related to security) that your script doesn't/can't do?

Like I mentioned in the userscript's description, you have to write your own custom @match or @include rules provided by your userscript manager.

So say you want to target this page,http://dev.jeffersonscher.com/resolution.html, you need to write the following rule:

http://dev.jeffersonscher.com/*

In ViolentMonkey, you can do that here:




Make sure you save your settings, then the next time you go to http://dev.jeffersonscher.com/resolution.html, it will redirect to https://dev.jeffersonscher.com/resolution.html, but you will get the "Secure Connection" failed notice because that site doesn't support HTTPS:



If you need the extra security provided by HTTPS Everywhere (eg. switching out iframe src from HTTP to HTTPS) because you go to a lot of HTTP sites, then you should use that. The browser extensions offer ease of use, whereas my script requires user configuration.

You also have to ask yourself how often you stumble upon a HTTP site each day. Nowadays, most of the web is becoming HTTPS-only. So extensions like HTTPS Everywhere will no longer be needed in the next few years.

lol,that's true.

Why the script works with the rule http://dev.jeffersonscher.com/* but not with * only?
Is it possible to fix? so the script can run on any http website.

UPDATE: please update your script and remove the match apache line and add // @include *
Or replace the actual match with // @match http://*/*
then you can make a function to show a pop up option to the user whitelist websites

As I mentioned before, write your own @match rules in your userscript manager. I showed you how to do that with ViolentMonkey.

I gave you reasons why I don't want to enable it across all HTTP sites because not all HTTP sites support HTTPS, just like the two sites you mentioned in your first post.

You can also fork the userscript and make your own changes. I won't be making any additional changes.

ok,thanks.

Hi,

About what you mentioned before:

but these extensions can also analyze and try to convert links that are loaded within the website (like iframes) to https, if they are http links.

You might want to try using a new userscript I've written, CSP - Upgrade Insecure Requests. That userscript will try to upgrade HTTP assets to HTTPS. So if it finds any HTTP images or iframes, it will attempt to load them over HTTPS automatically. You will also need to keep using this script, Force HTTP to HTTPS, as well.