Reject filter list downloads over unencrypted HTTP
Background
Currently, it is possible to add filter lists with an http:// URL. Such downloads are vulnerable to man-in-the-middle attacks and other security threats.
What to change
Immediately mark the filter download as failed, without sending a request, if the URL uses the http: protocol.
Integration notes
Unencrypted HTTP downloads are no longer supported and will give an error.
The /subscriptions page lists some subscriptions with http:// URLs. We may want to change these to https:// after informing the filter list authors and helping them migrate if required.
The UI may want to validate subscription URLs (cc: @ThomasGreiner).
Hints for testers
On the options page, add a subscription with an http:// URL to a remote host. The sync should fail with an error saying "invalid URL" or something to this effect. Add a subscription with an https:// URL and see that it syncs successfully and the filters in the subscription work.
Add subscriptions with http://127.0.0.1 and http://localhost URLs (unencrypted HTTP but to localhost) and see that they still work.
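A sketch of the check described above, added here as an illustration and not taken from the project's code. The names isDownloadAllowed, startDownload and LOCAL_HOSTS are hypothetical, the sample URLs are constructed, and refusing every scheme other than https: and local http: is an assumption that goes beyond what this issue specifies.

```javascript
// Added example; names are hypothetical, not the project's API.
// Local hosts that may still use plain HTTP, per "Hints for testers".
const LOCAL_HOSTS = new Set(["localhost", "127.0.0.1"]);

// Decide from the parsed URL, never from a string prefix: the parser
// lowercases scheme and host and separates userinfo from the hostname.
function isDownloadAllowed(rawURL) {
  let url;
  try {
    url = new URL(rawURL);
  } catch (e) {
    return false; // not an absolute URL at all
  }
  if (url.protocol === "https:")
    return true;
  // Assumption: anything other than https: or local http: is refused.
  return url.protocol === "http:" && LOCAL_HOSTS.has(url.hostname);
}

// Fail before any network activity: sendRequest (a caller-supplied
// callback) is only invoked for URLs that passed the check.
function startDownload(rawURL, sendRequest) {
  if (!isDownloadAllowed(rawURL))
    return {sent: false, error: "invalid URL"};
  sendRequest(rawURL);
  return {sent: true, error: null};
}

// Constructed sample URLs, including look-alikes of the local hosts.
const SAMPLES = [
  "https://lists.example/filters.txt",
  "http://lists.example/filters.txt",
  "HTTP://Lists.Example/filters.txt",
  "http://localhost:8080/filters.txt",
  "http://127.0.0.1/filters.txt",
  "http://localhost.lists.example/filters.txt",
  "http://127.0.0.1@lists.example/filters.txt"
];
for (const sample of SAMPLES)
  console.log(isDownloadAllowed(sample) ? "allow " : "reject", sample);
```

The last two samples are the cases a prefix or substring match on the raw string would get wrong: their hostname is the remote host, not the local one.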