HTTPS-Everywhere rulesets for Perl sites
HTTPS-Everywhere is a Firefox and Chrome extension brought by the EFF to automatically use https:// URLs instead of http:// if the site supports that. Think about what happens when you type http://github.com instead of https://github.com/ in your address bar.
So I added rulesets for PAUSE, BitCard and MetaCPAN.
HTTPS-Everywhere makes its decision based on rulesets bundled with the extension, so this has three advantages:
- this is not just for URLs you type in the address bar: any http:// URL in the ruleset is automatically translated, so if a third party site links using http://, it will be translated. So you're always secure.
- as the redirect happens directly inside your browser, no network transaction occurs and the remote site will never be contacted over an unencrypted link. This also one less HTTP redirect, so faster access to the final destination.
- the extension includes rules to secure cookies (which means forbid sending a cookie set over https:// in a http:// request on the same domain)
- this allows to fix sites that have a broken SSL implementation
So I submitted rulesets for some major Perl community sites that require authentication:
- PAUSE: ruleset
- MetaCPAN: ruleset
- BitCard (used to authenticate on rt.cpan.org and cpanratings.perl.org): ruleset. Note that BitCard cookies are not secured without this extension.
I'm interested in adding support for other Perl community sites I've missed, so please submit them here as comments, or better as issues on Github.