HTTPS-Everywhere rulesets for Perl sites

By Olivier Mengué (dolmen) on September 18, 2012 8:36 PM

HTTPS-Everywhere is a Firefox and Chrome extension brought by the EFF to automatically use https:// URLs instead of http:// if the site supports that. Think about what happens when you type http://github.com instead of https://github.com/ in your address bar.

So I added rulesets for PAUSE, BitCard and MetaCPAN.

HTTPS-Everywhere makes its decision based on rulesets bundled with the extension, so this has three advantages:

this is not just for URLs you type in the address bar: any http:// URL in the ruleset is automatically translated, so if a third party site links using http://, it will be translated. So you're always secure.
as the redirect happens directly inside your browser, no network transaction occurs and the remote site will never be contacted over an unencrypted link. This also one less HTTP redirect, so faster access to the final destination.
the extension includes rules to secure cookies (which means forbid sending a cookie set over https:// in a http:// request on the same domain)
this allows to fix sites that have a broken SSL implementation

So I submitted rulesets for some major Perl community sites that require authentication:

PAUSE: ruleset
MetaCPAN: ruleset
BitCard (used to authenticate on rt.cpan.org and cpanratings.perl.org): ruleset. Note that BitCard cookies are not secured without this extension.

I'm interested in adding support for other Perl community sites I've missed, so please submit them here as comments, or better as issues on Github.

2 comments

Tagged as:

BitCard, browser, Chrome, CPAN, Firefox, HTTPS-Everywhere, MetaCPAN, PAUSE, perl programming, security

2 Comments

Sawyer X | September 19, 2012 9:01 AM | Reply

Awesome!

bor | September 27, 2012 10:54 AM | Reply

Great stuff!
Thanks.

Name

Email Address

URL

Remember personal info?

Comments (You may use HTML tags for style)

About Olivier Mengué (dolmen)

I blog about Perl.

More info »

Olivier Mengué (dolmen)