Bug report (http, https, google)

[skudo12]

Hello, I created a domain level scope for https://*.google.com .

However when visiting http://productforums.google.com (non https version) first, then manually switch to https://productforums.google.com , the extension will not see the rule for https://*.google.com.

For the extension to see the rule for https://*.google.com, I need to clear history, then browse directly to the https://productforums.google.com .

I have actually saw some discrepancy in rules regarding http and https rules. This makes me want to install https everywhere.

[gorhill]

What is the state of "auto-create scope" settings?

[gorhill]

There is a scope precedence in HTTPSB. If one scope doesn't exist, a scope with lower precedence is then tried, etc until global scope is reached.

If one visits https://www.example.com, the precedence is:

https://www.example.com
http://www.example.com
https://*.example.com
http://*.example.com
*

If one visit http://www.example.com:

http://www.example.com
http://*.example.com
*

So if you have auto-scope created for http://www.example.com, this will indeed hide https://*.example.com when going to https://www.example.com.

Now from your bug report, your expectation was that the precedence should have been:

https://www.example.com
https://*.example.com
http://www.example.com
http://*.example.com
*

or even:

https://www.example.com
https://*.example.com
*

That is an open question as far as I am concerned. Which part is the more significant in the scope: the subdomains part (www above), or the scheme part (https) ?

Input welcomed.

[skudo12]

Yes, I have the autoscope checked.

[skudo12]

I think the rule for http://productforums.google.com should not affect the rule for https://*.google.com. So https://productforums.google.com should not use the rule for http. Well I think I could just use https everywhere if the scenario I am experiencing now is not a bug.

[gorhill]

I will have to change the way scopes are defined. The scheme will have to be taken out for now, this just creates too much confusion, including myself, and because of this users might possibly end up giving up using scopes.

This is a big change but I see only problems ahead. How we connect and where we connect are two different concepts, and trying to treat them as if they are the same thing results in clunky and buggy behavior. This is a big change but this needs to be done as soon as possible to prevent new users to be subjected to the mess.

I need to figure a heuristic to transpose the older scopes into the simpler scopes when they will be loaded. I actually expect that whoever created two site-level scopes for the same hostname to be rather rare, and in any case there are bugs when such two scopes exists simultaneously. I need transition code which will merge all the rules in the two scopes.

HTTPS Everywhere will be recommended for use along HTTPSB to take care of the connection part.