If you think this add-on violates Mozilla's add-on policies or has security or privacy issues, please report these issues to Mozilla using this form.
Please don't use this form to report bugs or request add-on features; this report will be sent to Mozilla and not to the add-on developer.
Don't work in FF50
Does not work in newer firefox versions and it also does not remember manual settings on permissions page, I tick "always access secure content from this site" but it does not remember this setting.
In current Firefox the addon window doesn't work (for me) due to a xml parse error that looks like its related to the localisation of the addons.
Broken with Version 40 as well. Is there any other way to get HTTPS enforcement without having to set it manually site by site?
firefox 39 :/ worked great with previous versions
Adding a site to the list has no effect, site still opens with HTTP. Checking the checkbox on the Permissions tab of the Page Info will also add the side to the list, but already when closing and reopening then Page Info (without reloading the page) the checkbox isn't set anymore (yet the site is still on the list).
And it's not Firefox that is broken here. When installing Enforce Encryption, opening the page with HTTPS and checking the force checkbox, the page is also added to the list in Force-TLS, but now it will open with HTTPS (as desired) and now the checkbox on the Permissions tab of the Page Info is checked when I open it, so this add-on does it right.
I can add domains to forcetls addon list but I cant remove them.
and adding and removing them has no effect on the permission page on page info.and enabling the permission in page info has no effect whatsoever on website trying to go to https version.
and the list is no longer populated with website that advertise the hsts and its max age.
so basically it doesn't work.
Hi, I am looking for the exact opposite of this plugin. I use Firefox 9 with TLS deliberately deactivated in about:config. I would prefer SSL1 to SSL2, and SSL2 to SSL3. Surely Firefox can do this in proper ascending, rather than descending order? Everyone seems to be getting it BACKWARDS.
SSL Button not detecting https site version
Domain manualy added to SSL list keeps on http
Looking for working alternaive
Latest Firefox version
Difficulty opening the same site of Sid Stamm. I installed Force-TLS but when i click on the link of your site it does not open! =D
the site of Sid Stamm is not https!? O.o
Great extension, adds a HSTS manager than Firefox lacks for some unknown reason (but Chrome has).
Bug Report: if a domain is added for forced SSL and then Firefox encounters a self-signed (untrusted) certificate, you cannot accept the certificate - it will go into an endless loop - until you remove the domain from ForceTLS and then accept the certificate
Wishlist: ability to easily see/save the difference between the pre-loaded HSTS that comes with newer Firefox and user-defined (or maybe permanent vs non-permanent) ala a search filter at the bottom of the list
ps. add HSTS to your tags for this extension
to help google: chrome://net-internals/#hsts for firefox
Firefox already respects Strict-Transport-Security, maintaining an internal list of sites that declare that the browser should always use https to access them. This prevents someone from spoofing as this site (man in the middle) but with plain HTTP. It also has the added benefit of simply forcing encrypytion to protect your data in case you tried to visit the plain HTTP site (particularly from a public/open hotspot) -- much like the Electronic Frontier Foundation's "HTTPS-everywhere" (eff.org) add-on except that the latter uses list maintained by the EFF rather than as self-identified by each site.
The benefit of the Force TLS add-on is that it provides a nice GUI for displaying and modifying Firefox's list of STS sites -- although the usefulness of this is limited by the limited number of sites that set a Strict Transport Security header.
Also, one can easily add a site in the GUI, whereas HTTPS-Everywhere requires hand-editing arcane xml for the user to add a new site!
HTTPS-Everywhere on eff.org has the sizable aforementioned list of sites that *can* use HTTPS in place of HTTP, even if the sites don't themselves request that the browser always do so. I guess HTTPS-Everywhere can use more flexible rules, but again at the price of requiring you to write XML to define each of them. Also HTPPS-Everywhere provides a button showing any entries for the current site and the ability to disable/enable these entries (but not add a new one).
You might try using *both* of these add-ons together. Perhaps, in the future, one of these add-ons could provide the benefits of both.
However, this addon may not be needed by an avg user who doesn't want to know what's going on at this level of detail. For him/her, the HTTPS Finder addon might be a better choice, perhaps in combination with HTTPS Everywhere. HTTPS Finder tests whether the present HTTP site has an HTTPS version having the same URI, and offers to switch you to it.
it'd be great to have an option to force non https connections too
i agree with Tommy Åsén because i have the same problem with some sites.
it is an awesome add-on but it just needs that one small problem fixed / sorted
so please i must ask you to update your add-on
try to show us it's full potential
It's great to be able to click links and always have the https version as some sites dont handle http well.
However i have one site where a subdomain is the exact oppiosite, https doesn't work at all so it'd be great to have an option to force non https connections too
Very useful to access secure sites otherwise blocked by my ISP.
Since this addon allows you to maintain a *list* of sites, it's obvious that users may need to export/import the addon's setting. Hence the 4 star.
Meanwhile for those who want to copy/backup the settings from one profile to another, do this:
- Start Run(Win+R), type "%appdata%\Mozilla\Firefox\Profiles" (w/ or w/o quotes) and hit Enter. Here you'll find your Firefox profile(s).
- Copy the 'permissions.sqlite' file from your profile directory to the new profile dir (or a backup directory)
Robert Vamosi reports in today's Windows Secrets newsletter that "Firefox 5 also automatically connects your browser to secure webpages (https) when they exist, eliminating the need for third-party, add-on apps such as Force-TLS and HTTPS Everywhere." Does Force-TLS add any value to Firefox 5?
By any chance can you please add an import/export function, so all you have to do for the next browser update would be just install the addon, then hit the import button which could, pop-up a normal explorer window, so that the user can pick their custom list. You may have to add a few allowed list extensions like .txt ; .doc; docx etc. Just an idea, if need help on doing that ask for help from Justin Scott (fligtar) https://addons.mozilla.org/en-US/firefox/user/9945/ he already added that to his addon.
Hi Taylor! Yes, many people are requesting the import/export function, but I don't have a whole lot of time to work on Force-TLS. If you're interested in helping code that feature, drop me a line at firstname.lastname@example.org and I'll point you to the docs and source code.
Shows that is will work for FF5 but does not work. Was using it with FF4 with no problems. It installs fine in FF5 but just does not work anymore.
Please update asap for FF5! Thanks!!
I put this one in my Apollo! Pack! collection because it is one more tool for us to help plug one more leak. Maybe FF4 has this built in but 4 is a disaster. I urge people to run 3.6 until they fix 4 or maybe when they release 5 they will get their act together. Till then this one fills a void.
I have manually added "facebook.com" to the list but on returning to a previously httpS page its no longer https.
Why do you insist on breaking your own extension? For example, I just installed Force-TLS and noticed with glee and admiration that you finally included a site; eff.org. However you set it to expire in 32 days??? It's eff.org, man! If they go, we all go! Why would they ever expire for any reason, or any other site for that matter. I just don't have it in me to carefully monitor my whitelist everyday for arbitrary deletions, who does?
Although from what I understood that FF4 should force the https on sites that does support it, it doesnt seem to be the case. The GUI is great for being able to force the site that you want. Though I'm a bit worried that there is no import/export functionality. I already have a list of 30 sites in, and wouldn't want and would be very annoyed if I have to do it again, or replicate it to my other laptops.
Kindly, give me us import/export, 4 star or else would have been 5 stars
Import/export functionality is something I'd like to add down the road... but I haven't had any time to implement it. If you'd like to work on it, send me an email (email@example.com) and I'll point you to the source code.