Feature: Navigate to HTTP in EASE Once

.github/pull_request_template.md

@@ -1,3 +1,4 @@
+<<<<<<< HEAD
 ***Delete section if irrelevant***
 
 ### List related PRs if any
@@ -9,10 +10,22 @@
 - issue link
 
 ***May delete note after reading***
+=======
+## List related PRs if any
+
+- pr link
+
+## List related issues if any
+
+- issue link
+
+*May delete note after reading*
+>>>>>>> 342a077a389b0b9441be8c935e300234c7e65a23
 
 ### Note to contributor:
 Thank you for contributing! If this is a new ruleset and your first time contributing, congratulations! There will be some tests ran through our continuous integration in Travis. For example, checking for duplicate hosts, problematic hosts, etc. in the ruleset file. You will see this testing begin when you open this pull request.
 
+<<<<<<< HEAD
 If this is not your first time and you have open PRs that have not been closed or merged, please revisit them by searching: `https://github.com/EFForg/https-everywhere/issues?q=is%3Aopen+assignee%3A[yourusernamehere]`. If there is something not being addressed by other maintainers or a project lead, link them to the PR with your question. Thank you for your patience.
 
 More helpful filters in Pull Request search:
@@ -24,3 +37,6 @@ More helpful filters in Pull Request search:
  `is:pr is:merged author:[your username]`
 - Approved PRs: 
 `is:pr review:approved author:[your username]`
+=======
+If this is not your first time and you have open PRs that have not been closed or merged, please revisit them by searching: https://github.com/EFForg/https-everywhere/issues?q=is%3Aopen+assignee%3A[yourusernamehere]. If there is something not being addressed by other maintainers or a project lead, link them to the PR with your question. Thank you for your patience.
+>>>>>>> 342a077a389b0b9441be8c935e300234c7e65a23

chromium/background-scripts/background.js

@@ -41,6 +41,7 @@ async function initializeAllRules() {
 var httpNowhereOn = false;
 var isExtensionEnabled = true;
 let disabledList = new Set();
+let httpOnceList = new Set();
 
 function initializeStoredGlobals() {
   return new Promise(resolve => {
@@ -114,6 +115,18 @@ if (chrome.windows) {
   chrome.windows.onFocusChanged.addListener(function() {
     updateState();
   });
+
+  // Grant access to HTTP site only during session, clear once window is closed
+  chrome.windows.onRemoved.addListener(function() {
+    chrome.windows.getAll({}, function(windows) {
+      if(windows.length > 0) {
+        return;
+      } else {
+        httpOnceList.clear();
+      }
+    });
+  });
+
 }
 chrome.webNavigation.onCompleted.addListener(function() {
   updateState();
@@ -148,7 +161,7 @@ function updateState () {
     const tabUrl = new URL(tabs[0].url);
     const hostname = util.getNormalisedHostname(tabUrl.hostname);
 
-    if (disabledList.has(hostname) || iconState == "disabled") {
+    if (disabledList.has(hostname) || httpOnceList.has(hostname) || iconState == "disabled") {
       if ('setIcon' in chrome.browserAction) {
         chrome.browserAction.setIcon({
           path: {
@@ -316,7 +329,9 @@ function onBeforeRequest(details) {
     browserSession.putTab(details.tabId, 'first_party_host', uri.host, true);
   }
 
-  if (disabledList.has(browserSession.getTab(details.tabId, 'first_party_host', null))) {
+  if (disabledList.has(browserSession.getTab(details.tabId, 'first_party_host', null)) ||
+    httpOnceList.has(browserSession.getTab(details.tabId, 'first_party_host', null)))
+  {
     return;
   }
 
@@ -564,7 +579,9 @@ function onHeadersReceived(details) {
 
     // Do not upgrade resources if the first-party domain disbled EASE mode
     // This is needed for HTTPS sites serve mixed content and is broken
-    if (disabledList.has(browserSession.getTab(details.tabId, 'first_party_host', null))) {
+    if (disabledList.has(browserSession.getTab(details.tabId, 'first_party_host', null)) ||
+      httpOnceList.has(browserSession.getTab(details.tabId, 'first_party_host', null)))
+    {
       return {};
     }
 
@@ -654,11 +671,21 @@ chrome.runtime.onMessage.addListener(function(message, sender, sendResponse) {
     });
   }
 
-  function storeDisabledList() {
+  function storeDisabledList(message) {
+
     const disabledListArray = Array.from(disabledList);
-    store.set({disabledList: disabledListArray}, () => {
-      sendResponse(true);
-    });
+    const httpOnceListArray = Array.from(httpOnceList);
+
+    if (message === 'once') {
+      store.set({httpOnceList: httpOnceListArray}, () => {
+        sendResponse(true);
+      });
+    } else {
+      store.set({disabledList: disabledListArray}, () => {
+        sendResponse(true);
+      });
+    }
+
     return true;
   }
 
@@ -835,13 +862,17 @@ chrome.runtime.onMessage.addListener(function(message, sender, sendResponse) {
       });
       return true;
     },
+    disable_on_site_once: () => {
+      httpOnceList.add(message.object);
+      return storeDisabledList('once');
+    },
     disable_on_site: () => {
       disabledList.add(util.getNormalisedHostname(message.object));
-      return storeDisabledList();
+      return storeDisabledList('disable');
     },
     enable_on_site: () => {
       disabledList.delete(util.getNormalisedHostname(message.object));
-      return storeDisabledList();
+      return storeDisabledList('enable');
     },
     check_if_site_disabled: () => {
       sendResponse(disabledList.has(util.getNormalisedHostname(message.object)));
@@ -876,6 +907,7 @@ function destroy_caches() {
   all_rules.ruleCache.clear();
   rules.settings.domainBlacklist.clear();
   urlBlacklist.clear();
+  httpOnceList.clear();
 }
 
 Object.assign(exports, {

chromium/pages/cancel/index.html

@@ -18,7 +18,11 @@ <h1 id="https-everywhere"><img src="../../images/banner-red.png" alt="HTTPS Ever
       </p>
 
       <form method="get" action="#" id="url-actions-form">
-        <button type="button" name="open" formaction="#" id="open-url-button" data-i18n="cancel_open_page">Open insecure page</button>
+        <button type="button" name="open" formaction="#" id="open-url-button" data-i18n="cancel_open_page"></button>
+      </form>
+
+      <form method="get" action="#" id="http-once">
+        <button type="button" name="http-once" formaction="#" id="http-once-button" data-i18n="cancel_http_once"></button>
       </form>
 
       <script src="../translation.js"></script>

chromium/pages/cancel/style.css

@@ -5,7 +5,6 @@ body{
 }
 
 .content{
-  width: 600px;
   margin: auto;
   text-align: left;
 }
@@ -27,17 +26,25 @@ form, button, p{
 }
 
 form{
-  overflow: auto;
+  display: inline-flex;
   margin-bottom: 1em;
+  overflow: auto;
+}
+form#http-once {
+  margin-left: 8px;
+}
+form#url-actions-form {
+  border-right: solid #ec1e1e 1px;
+  padding-right: 8px;
 }
 
 form button{
-  padding: .5em 1em;
   background-color: #aaa;
-  color: #fff;
   border: none;
   border-radius: 4px;
+  color: #fff;
   cursor: pointer;
+  padding: .5em 1em;
 }
 
 #url-value{
@@ -47,8 +54,32 @@ form button{
   text-overflow: ellipsis;
 }
 
-#open-url-button{
-  display: inline-block;
-  float: left;
+#open-url-button, #http-once-button {
   background-color: #ec1e1e;
+  float: left;
+}
+#open-url-button:hover, #http-once-button:hover {
+  background-color: #fff;
+  border: 1px solid #ec1e1e;
+  color: #ec1e1e;
 }
+
+@media screen and (min-width: 600px) {
+  .content {
+    width: 600px;
+  }
+}
+
+@media screen and (max-width: 600px) {
+  .content, img {
+    width: 100%;
+  }
+  form#url-actions-form {
+    border: none;
+  }
+  form#http-once {
+    margin-left: 0;
+  }
+}
+
+

chromium/pages/cancel/ux.js

@@ -30,18 +30,29 @@ function displayURL() {
   const originURL = searchParams.get('originURL');
   const originURLLink = document.getElementById('url-value');
   const openURLButton = document.getElementById('open-url-button');
+  const openHttpOnce = document.getElementById('http-once-button');
+  const url = new URL(originURL);
 
   originURLLink.innerText = originURL;
   originURLLink.href = originURL;
 
   openURLButton.addEventListener("click", function() {
     if (confirm(chrome.i18n.getMessage("chrome_disable_on_this_site") + '?')) {
-      const url = new URL(originURL);
       sendMessage("disable_on_site", url.host, () => {
         window.location = originURL;
       });
     }
 
     return false;
   });
+
+  openHttpOnce.addEventListener("click", function() {
+    if (confirm(chrome.i18n.getMessage("chrome_disable_on_this_site") + '?')) {
+      sendMessage("disable_on_site_once", url.host, () => {
+        window.location = originURL;
+      });
+    }
+
+    return false;
+  });
 }

src/chrome/locale/en/https-everywhere.dtd

@@ -45,6 +45,7 @@
 <!ENTITY https-everywhere.cancel.he_blocking_explainer "HTTPS Everywhere noticed you were navigating to a non-HTTPS page, and tried to send you to the HTTPS version instead. The HTTPS version is unavailable. Most likely this site does not support HTTPS, but it is also possible that an attacker is blocking the HTTPS version. If you wish to view the unencrypted version of this page, you can still do so by disabling the 'Encrypt All Sites Eligible' (EASE) option in your HTTPS Everywhere extension. Be aware that disabling this option could make your browser vulnerable to network-based downgrade attacks on websites you visit.">
 <!ENTITY https-everywhere.cancel.he_blocking_network "network-based downgrade attacks">
 <!ENTITY https-everywhere.cancel.open_page "Open insecure page">
+<!ENTITY https-everywhere.cancel.http_once "Open insecure page for this session only">
 
 <!ENTITY https-everywhere.chrome.settings_for_this_site_header "Settings for this site">
 <!ENTITY https-everywhere.chrome.settings_for_this_site_subheader "Change your preferences for encrypted connections">