Fix HTTPS Everywhere #143
base: gh-pages
I guess the question is, do we want to modify our page just to work around a (hopefully temporary) bug in a browser extension? How widely used is this extension? (I hadn't heard of it before the bug was reported.) Also, would we need to make any other changes for this to fully work? The extension bug indicates that it also frequently breaks analytics (which is important for download counts) and webfonts (which we might also be loading from a different domain?).
I wonder if an alternative fix would be to just make sure our links don't totally fail when the JSON update feed is unavailable. That also wouldn't fix any other parts of the page broken by HTTPS Everywhere, but OTOH it would benefit other cases rather than being a workaround specific to this one extension.
We already default the big hero download button to the GitHub releases page, and yes, it won't hurt to do the same for the "Download Brackets without Extract" button, too. I had heard of HTTPS Everywhere before, but never used it myself. I don't know about analytics right now, but yeah, that's possible. I quickly looked at the list of hosts the addon forces HTTPS for on our page, and it showed
@peterflynn There's no info on the number of users on Firefox because they don't offer it through the Mozilla website (here's the official explanation), but HTTPS Everywhere is very popular among privacy-minded people. According to their official repositories, the Chrome version has 794,630 users, and the Opera version has 190,075 users.
@peterflynn I've attached a patch to default the download button(s) to the GitHub releases page. I've changed the default URL of the big hero download button to https://github.com/adobe/brackets/releases as well, as we can't decide whether releases/latest is the Extract build or not.
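The fallback discussed in this thread, as an added example that is not part of the pull request or the Brackets site code: the download link keeps a static HTTPS default and is only upgraded when the update feed loads and returns an allow-listed HTTPS URL. The feed URL, the `downloadURL` field name and the host allow-list are assumptions.

```javascript
// Added example. DEFAULT_URL is the releases page named in the thread;
// FEED_URL, the feed shape and ALLOWED_HOSTS are assumptions.
const DEFAULT_URL = "https://github.com/adobe/brackets/releases";
const FEED_URL = "https://updates.example.invalid/latest.json"; // placeholder
const ALLOWED_HOSTS = new Set(["github.com"]);                   // assumed policy

// Accept only absolute https:// URLs whose host is on the allow-list.
function isTrustedDownloadUrl(candidate) {
  let url;
  try {
    url = new URL(candidate);
  } catch (e) {
    return false; // relative, protocol-relative, empty or malformed
  }
  return url.protocol === "https:" && ALLOWED_HOSTS.has(url.hostname);
}

// Choose the href from a parsed feed; anything unexpected keeps the default.
function pickDownloadUrl(feed) {
  const entry = Array.isArray(feed) ? feed[0] : null;
  const candidate =
    entry && typeof entry.downloadURL === "string" ? entry.downloadURL : "";
  return isTrustedDownloadUrl(candidate) ? candidate : DEFAULT_URL;
}

// Request the feed over HTTPS. A blocked request, CORS failure, non-2xx
// status or invalid JSON all resolve to the static default.
async function resolveDownloadUrl(fetchImpl = fetch) {
  try {
    const res = await fetchImpl(FEED_URL, { credentials: "omit" });
    if (!res.ok) return DEFAULT_URL;
    return pickDownloadUrl(await res.json());
  } catch (e) {
    return DEFAULT_URL;
  }
}

// In the page, the anchor ships with href=DEFAULT_URL in the HTML, so it
// works even if this script never runs; the script only upgrades it.
async function upgradeLink(anchor, fetchImpl = fetch) {
  anchor.href = await resolveDownloadUrl(fetchImpl);
  return anchor.href;
}
```

Because the default is in the markup rather than set by script, the link still works when the feed request is rewritten or blocked before it completes.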
Hi @peterflynn! I'm the current maintainer for HTTPS Everywhere. Apologies for the CORS bug (EFForg/https-everywhere#49) causing issues on your site. I'm definitely planning to fix it, but our developer time at EFF is extremely limited, the bug is a bit complex and not yet fully understood, and it may be a little while before I can roll out a fix. However, I will treat this issue as bumping up the priority. I'd recommend updating these URLs to the secure version anyhow, because it's one more step on the road to making your site use HTTPS by default for all pages, which we at EFF strongly believe is the direction the web is moving. Chrome has even started planning for the day when they can indicate HTTP URLs with the same insecure marker they use for HTTPS sites with a bad certificate. Thanks,
I don't know about the analytics side but I would not rely on relative URLs. |
... by directly requesting https version of update info
For #138