-
Notifications
You must be signed in to change notification settings - Fork 921
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Bug] entering a url or domain name opens a http connection not https #4293
Comments
Thank you for opening an Issue in our Repository. |
Hello! Thanks for your report. This feature is actually working as intended as we also don't want to increase site breakages by assuming https option always exists. For more information, you can also read through https://spreadprivacy.com/duckduckgo-smarter-encryption/. |
I disagree.. |
@PJVervoorn we already check with our smarter encryption db. If you believe netscape.com or other domains are missing from the db you can open an issue in https://github.com/duckduckgo/smarter-encryption although I see netscape.com redirects to aol which loads with https. |
@marcosholgado I have done a bit of testing. |
Describe the bug
When I enter a url (or domain name) in the address/search bar, it opens a connection via port 80.
This is a security (and privacy) issue.
Most sites will automatically redirect to https, but that is possibly too late...
Since i have blocked port 80 on the firewall, duckduckgo browser can’t load the page.
How to Reproduce
Enter a domain name (without protocol), i.e. netscape.com
Expected behavior
Expected is that https is the default protocol; it should be tried first (or only?)
Environment
The text was updated successfully, but these errors were encountered: