This is a simple Firefox extension that redirects the browser to the secure (SSL) version of the user login and edit pages at drupal.org, drupalcon.org, groups.drupal.org and groupsbeta.drupal.org. The thought behind this was that I didn’t want to expose any passwords while using the open wireless network at Drupalcon Boston 2008.

Installation

FAQ

Q: Which pages are secured and which aren’t?

A: Paths that start with /user will be redirected. This includes URLs like http://drupal.org/user and http://groups.drupal.org/user

Q: Why does this extension only redirect the user login and edit pages? Shouldn’t it also redirect the admin pages? What about the other drupal.org sites like scratch.drupal.org?

A: If you’re a drupal.org administrator, let’s hope you’re using a secure VPN or SSH tunnel when logging in instead of using a workaround like this extension.

Q: Firefox keeps warning me that the SSL certificates for drupal.org don’t match and can’t be verified. This is annoying!

A: In Firefox 2.0, try installing the Remember Mismatched Domains extension. In Firefox 3.0 and later, you can create a security exception for specific sites.

Q: Each time I submit a form on drupal.org, the site redirects me away from the SSL version of the site. Why does it do that?

A: Technically, this is because drupal.org has the $base_url variable configured to use http://drupal.org in its settings.php file. The only way for this extension to do anything about this is to rewrite all the form actions on drupal.org. I don’t have plans to do that.

Version history

0.2:
Updated to Firefox 3.0.*
Changed extension name to “secure drupal.org connections”

0.1:
Initial release.