HTTPS Everywhere workaround for Pale Moon 25+

[Tailszefox]

I fiddled with the code a bit and managed to make the latest version work with PM. I haven't dabbled in extension coding a whole lot so it might not be the proper way to do this, but it should at least help in making a pull request to support PM again - or, if they refuse, to easily make a fork. As far as I can tell, the changes required are really extremely minor, so I can, at first glance, see no reason not to implement them.

Here's a git diff:

Code: Select all

diff --git a/src/chrome.manifest b/src/chrome.manifest
index 3764fa6..4c83a9c 100644
--- a/src/chrome.manifest
+++ b/src/chrome.manifest
@@ -45,12 +45,12 @@ category profile-after-change HTTPSEverywhere @eff.org/https-everywhere;1
 # XUL gets included in every non-mobile build
 # Android has some non-XUL UI that is loaded from the
 # sessionstore-windows-restored observer in https-everywhere.js
-overlay chrome://browser/content/browser.xul chrome://https-everywhere/content/toolbar_button.xul application={ec8030f7-c20a-464f-9b0e-13a3a9e97384} application={92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a} application={3550f703-e582-4d05-9a08-453d09bdfdc6} application={a79fe89b-6662-4ff4-8e88-09950ad4dfde}
-overlay chrome://navigator/content/navigator.xul chrome://https-everywhere/content/toolbar_button.xul application={ec8030f7-c20a-464f-9b0e-13a3a9e97384} application={92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a} application={3550f703-e582-4d05-9a08-453d09bdfdc6} application={a79fe89b-6662-4ff4-8e88-09950ad4dfde}
+overlay chrome://browser/content/browser.xul chrome://https-everywhere/content/toolbar_button.xul application={ec8030f7-c20a-464f-9b0e-13a3a9e97384} application={92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a} application={3550f703-e582-4d05-9a08-453d09bdfdc6} application={a79fe89b-6662-4ff4-8e88-09950ad4dfde} application={8de7fcbb-c55c-4fbe-bfc5-fc555c87dbc4}
+overlay chrome://navigator/content/navigator.xul chrome://https-everywhere/content/toolbar_button.xul application={ec8030f7-c20a-464f-9b0e-13a3a9e97384} application={92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a} application={3550f703-e582-4d05-9a08-453d09bdfdc6} application={a79fe89b-6662-4ff4-8e88-09950ad4dfde} application={8de7fcbb-c55c-4fbe-bfc5-fc555c87dbc4}
 
 style chrome://global/content/customizeToolbar.xul chrome://https-everywhere/skin/https-everywhere.css
 
 # Observatory does not yet have mobile-friendly UI
-component {0f9ab521-986d-4ad8-9c1f-6934e195c15c} components/ssl-observatory.js application={ec8030f7-c20a-464f-9b0e-13a3a9e97384} application={92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a} application={3550f703-e582-4d05-9a08-453d09bdfdc6} application={a79fe89b-6662-4ff4-8e88-09950ad4dfde}
-contract @eff.org/ssl-observatory;1 {0f9ab521-986d-4ad8-9c1f-6934e195c15c} application={ec8030f7-c20a-464f-9b0e-13a3a9e97384} application={92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a} application={3550f703-e582-4d05-9a08-453d09bdfdc6} application={a79fe89b-6662-4ff4-8e88-09950ad4dfde}
-category profile-after-change SSLObservatory @eff.org/ssl-observatory;1 application={ec8030f7-c20a-464f-9b0e-13a3a9e97384} application={92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a} application={3550f703-e582-4d05-9a08-453d09bdfdc6} application={a79fe89b-6662-4ff4-8e88-09950ad4dfde}
+component {0f9ab521-986d-4ad8-9c1f-6934e195c15c} components/ssl-observatory.js application={ec8030f7-c20a-464f-9b0e-13a3a9e97384} application={92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a} application={3550f703-e582-4d05-9a08-453d09bdfdc6} application={a79fe89b-6662-4ff4-8e88-09950ad4dfde} application={8de7fcbb-c55c-4fbe-bfc5-fc555c87dbc4}
+contract @eff.org/ssl-observatory;1 {0f9ab521-986d-4ad8-9c1f-6934e195c15c} application={ec8030f7-c20a-464f-9b0e-13a3a9e97384} application={92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a} application={3550f703-e582-4d05-9a08-453d09bdfdc6} application={a79fe89b-6662-4ff4-8e88-09950ad4dfde} application={8de7fcbb-c55c-4fbe-bfc5-fc555c87dbc4}
+category profile-after-change SSLObservatory @eff.org/ssl-observatory;1 application={ec8030f7-c20a-464f-9b0e-13a3a9e97384} application={92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a} application={3550f703-e582-4d05-9a08-453d09bdfdc6} application={a79fe89b-6662-4ff4-8e88-09950ad4dfde} application={8de7fcbb-c55c-4fbe-bfc5-fc555c87dbc4}
diff --git a/src/chrome/content/code/HTTPS.js b/src/chrome/content/code/HTTPS.js
index e41573a..a3f126b 100644
--- a/src/chrome/content/code/HTTPS.js
+++ b/src/chrome/content/code/HTTPS.js
@@ -1,7 +1,10 @@
 INCLUDE('Cookie');
 
-var securityService = CC['@mozilla.org/ssservice;1']
-    .getService(CI.nsISiteSecurityService);
+if('@mozilla.org/ssservice;1' in CC)
+{
+  var securityService = CC['@mozilla.org/ssservice;1']
+      .getService(CI.nsISiteSecurityService);
+}
 
 // Hack. We only need the part of the policystate that tracks content
 // policy loading.
@@ -40,8 +43,16 @@ const HTTPS = {
    */
   replaceChannel: function(applicable_list, channel, httpNowhereEnabled) {
     var blob = HTTPSRules.rewrittenURI(applicable_list, channel.URI.clone());
-    var isSTS = securityService.isSecureURI(
-        CI.nsISiteSecurityService.HEADER_HSTS, channel.URI, 0);
+    if(securityService)
+    {
+      var isSTS = securityService.isSecureURI(
+          CI.nsISiteSecurityService.HEADER_HSTS, channel.URI, 0);
+    }
+    else
+    {
+      var isSTS = false;
+    }
+
     if (blob === null) {
       // Abort insecure requests if HTTP Nowhere is on
       if (httpNowhereEnabled && channel.URI.schemeIs("http") && !isSTS) {
diff --git a/src/install.rdf b/src/install.rdf
index 5b30a5a..90ce618 100644
--- a/src/install.rdf
+++ b/src/install.rdf
@@ -17,6 +17,14 @@
         <em:updateURL>https://www.eff.org/files/https-everywhere-update-2048.rdf</em:updateURL>
                <em:unpack>true</em:unpack> <!-- Required for Firefox 4 -->
         <em:updateKey>MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6MR8W/galdxnpGqBsYbqOzQb2eyW15YFjDDEMI0ZOzt8f504obNs920lDnpPD2/KqgsfjOgw2K7xWDJIj/18xUvWPk3LDkrnokNiRkA3KOx3W6fHycKL+zID7zy+xZYBuh2fLyQtWV1VGQ45iNRp9+Zo7rH86cdfgkdnWTlNSHyTLW9NbXvyv/E12bppPcEvgCTAQXgnDVJ0/sqmeiijn9tTFh03aM+R2V/21h8aTraAS24qiPCz6gkmYGC8yr6mglcnNoYbsLNYZ69zF1XHcXPduCPdPdfLlzVlKK1/U7hkA28eG3BIAMh6uJYBRJTpiGgaGdPd7YekUB8S6cy+CQIDAQAB</em:updateKey>
+       <em:targetApplication>
+               <Description>
+               <!-- PaleMoon -->
+               <em:id>{8de7fcbb-c55c-4fbe-bfc5-fc555c87dbc4}</em:id>
+               <em:minVersion>25.0</em:minVersion>
+               <em:maxVersion>30.*</em:maxVersion>
+             </Description>
+       </em:targetApplication>
         <!-- firefox -->
         <!-- firefox -->
         <em:targetApplication>

It does three things:

• Add PM GUID in install.rdf
• Add PM GUID in chrome.manifest
• Check if '@mozilla.org/ssservice;1' exists before trying to do stuff with it

[rea987]

Yet another stable release of HTTPS Everywhere. I have added 5.0.1 stable's rulesets.sqlite, preferences.js, Changelog and Pale Moon 25 compatible install.rdf to https-everywhere-5.0development.1.

Moderator note: Link to rogue version removed

[New Tobin Paradigm]

I am working with a user to get a fork up on the add-ons site.. PLEASE stop posting roage xpi files on the forums..

[SamDman_]

Hi:
Just downloaded and installed "https-everywhere-devel.xpi"
which turns out to be "HTTPS-Everywhere{5.0development.4}"
in the add-ons manager list. It seems to work OK on a couple of
sites that I tested.

Regards

[rea987]

Just downloaded and installed "https-everywhere-devel.xpi" which turns out to be "HTTPS-Everywhere{5.0development.4}" in the add-ons manager list. It seems to work OK on a couple of sites that I tested.

Interesting. What do you mean with "it seems to work OK on a couple of sites"?

I have downloaded and installed https-everywhere-devel.xpi and https-everywhere-5.0development.4.xpi with a fresh profile; yes, it is installed without an issue but its icon which helps us to control it does not appear in either of the toolbars. That is the problem which PM25+ users struggle with.

https://www.eff.org/files/https-everywhere-devel.xpi
https://www.eff.org/files/https-everywh ... ment.4.xpi

Reminder, https-everywhere-5.0development.4 was released before the current stable release (5.0.1) of the addon.

[SamDman_]

OK

I picked a few sites shown in the httpEverywhere preferences box that appears when you click on the options button shown in the Add-ons Manager Extensions display
for the httpEverywhere extension. (It takes about a minute for this preferences box to appear the first time you click it (while it loads about 10 MB to RAM) Afterwards
this preferences box comes up instantly. Anyway, I set my browser to http://address and it switched to https://address as it is supposed to for these sites.

Regards

[rea987]

I picked a few sites shown in the httpEverywhere preferences box that appears when you click on the options button shown in the Add-ons Manager Extensions display for the httpEverywhere extension. (It takes about a minute for this preferences box to appear the first time you click it (while it loads about 10 MB to RAM) Afterwards this preferences box comes up instantly. Anyway, I set my browser to http://address and it switched to https://address as it is supposed to for these sites.

It seems there is a misconception here; PM25 already has the icon and the preferences of the extension in about:addons page. We need the icon in the toolbars. I attach an example.

[Tailszefox]

The devs would be willing to include back support for PM if someone can be assigned to maintaining it. As in, making fixes for Pale Moon as needed and checking that those changes wouldn't break the Firefox and Firefox for Android versions. See https://github.com/EFForg/https-everywh ... t-89823299 .

I think that would be a better solution than having a whole fork, but of course that means someone will have to take care of maintaining compatibility as needed while being able to test the changes. I have low knowledge in extension programming, so I can't in good faith say I could do it, but if there's already a fork in progress, that means the person(s) working on it could instead focus on maintaining the regular version for PM instead. Would that be doable?

[SamDman_]

OK, I understand

It would be more convenient to have it in the toolbars, but I just put the about:addons page in a pinned tab and
switch to it when I need to black/white list a site. It is just a workaround for missing or non-performing toolbar icons.
I use the same method to control the Performance Bar add-on.

Regards

[New Tobin Paradigm]

squarefractal's fork of HTTPS Everywhere is now LIVE on the Pale Moon Add-ons Site.. So have fun! As well as being subject to Automatic Updates via the Add-ons Manager! If you don't have it then please go to: https://addons.palemoon.org/extensions/privacy-and-security/encrypted-web/. Also, remember to remove the original version before installing as they MAY conflict.

[rea987]

I confirm that it works fine with GNU/Linux version of Pale Moon 25.3.2 (x86). I hope that it will be updated regularly. Thank you squarefractal, Matt A Tobin and all other people who contributed to the extension!