Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The Firefox addon HTTPS Finder just alerted me to the fact that there was an HTTPS version of the site at https://news.ycombinator.com/ - I tried it out, and it worked. Nice work.

EDIT: Session cookie needs to be set as "secure" and Strict-Transport-Security should be implemented in order to protect against certain attacks. End users can just add this HTTPS-Everywhere ruleset:

https://raw.github.com/mikecardwell/https-everywhere/73241d1...



Thanks for the HTTPS-Everywhere ruleset!

I've been using HTTPS-Everywhere for a reasonably long time now (a couple of years?) but this is actually the first time I've added a rule...so if anyone else falls into that boat: all you need to do is save the YCombinator.xml file (linked above, from Mike's GitHub) into the HTTPSEverywhereUserRules folder in your Firefox profile folder, then restart Firefox.

Hopefully that'll save someone else from having to look it up ;)


Thanks for saving me a minute or two. :)


Can you elaborate please? What is this "HTTPS everywhere" and why do we need it?


A really fantastic firefox addon that forces HTTPS on certain sites. https://eff.org/https-everywhere/


> and why do we need it?

If you're on an unsecured wireless network (e.g. at a library) and you don't want someone to see your HN password when you log in.


Here's a silent Chrome version https://chrome.google.com/webstore/detail/flcpelgcagfhfoegek...


Watch out, this extension does not do what HTTPS-Everywhere does! With KB SSL Enforcer, your browser still hits the HTTP version before being redirected to the HTTPS version of the site.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: