Context-based HTTPS forcing?
Posted: Thu Nov 18, 2010 9:14 pm
I'm using a fair number of sites that like to pretend they're fully SSL-secured; and they're not. Apart from the fact it's kind of a terrible idea to include Flickr content in SpringPad at all, or amazonaws.com content in Twitter at all, it's also being served via HTTP to an "HTTPS" site. 
It's not much of a Band-Aid, but is there a way to—or could NoScript be enhanced to—force some of the Big Web Farm content to HTTPS only if the embedding site is HTTPS-"secured"?
Best possible example: HTTPS Twitter includes HTTP twimg.com content; if I just force HTTPS for twimg.com, some other websites / webapps break.
Once again, relying on NoScript to fix brain-dead websites when the operators just close support tickets without answering them...
PS: Silly regex question: what's the best way to create a single-line expression for "all http://site.com/.* OR http://subdomain.site.com/.* content?
It's not much of a Band-Aid, but is there a way to—or could NoScript be enhanced to—force some of the Big Web Farm content to HTTPS only if the embedding site is HTTPS-"secured"?
Best possible example: HTTPS Twitter includes HTTP twimg.com content; if I just force HTTPS for twimg.com, some other websites / webapps break.
Once again, relying on NoScript to fix brain-dead websites when the operators just close support tickets without answering them...
PS: Silly regex question: what's the best way to create a single-line expression for "all http://site.com/.* OR http://subdomain.site.com/.* content?