In case you don't want to wait for your favorite sites to start deploying strict-transport-security, here's a way for you to enable it yourself. I whipped up a quick add-on proof of concept that lets you add and remove HSTS data.
There are two ways to manage HSTS data for sites using this add-on:
- Navigate to an HTTPS page, open the page info dialog, and tick the "Always access content from this site securely" box
- Choose the "Manage Strict-Transport-Security..." item from the Tools menu, and enter the host names for your favorite sites there.
Let me know what you think!
UPDATE: Instead of maintaining the add-on in parallel with Force-TLS, I've decided to adapt Force-TLS to use the HSTS bits built into Firefox 4 and show you the same UI. Instead of the STS-UI add-on, try installing Force-TLS!
Side note: addons.mozilla.org is HTTP only for this, among other reasons.
ReplyDeleteSid - this rocks. Thanks
ReplyDeleteThe add-on has been removed from AMO (probably because of the new review policy). Can you please re-submit it?
ReplyDelete@Anonymous:
ReplyDeleteInstead of maintaining the add-on in parallel with Force-TLS, I've decided to adapt Force-TLS to use the HSTS bits built into Firefox 4.
So if you want the UI back (like in STS-UI), install the Force-TLS add-on!