File firefox-ext-force_tls.spec of Package firefox-ext-force_tls
Name: firefox-ext-force_tls
Version: 3.0.0
Release: 1
License: Freeware
Summary: Force-TLS extension for Firefox
Group: Productivity/Networking/Web/Browsers
URL: https://addons.mozilla.org/en-US/addon/12714
Source0: https://addons.mozilla.org/firefox/downloads/file/115149/force_tls-%{version}-fx.xpi
#Hash: sha256:9efd7f89401024a06bc2db8fc3fc15b3d0ee69660afadc314fcd455e36047502
BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot
Requires: firefox >= %{firefox_version}
BuildRequires: firefox-devel
BuildRequires: unzip
BuildRequires: fdupes
Buildarch: noarch
%description
ForceTLS is an adaptation of the ForceHTTPS protocol by Collin Jackson and Adam Barth, which supports a simple HTTP header in forcing automatic connections to HTTPS connections in the future. Here's how it works:
1. A site x.com served via HTTPS provides a Strict-Transport-Security HTTP header in its response. The header contains a max-age value (how long to remember the forced security) and optionally an includeSubDomains flag.
2. The browser receives this header and adds it to a Force TLS database.
3. In the future, any requests to x.com are modified to be via HTTPS if they are attempted through HTTP before the request hits the network.
4. If any subdomains *.x.com are requested via HTTP and the includeSubDomains flag was set, they are also forced to be HTTPS.
Use this add-on to extend Firefox so that it will listen to Strict-Transport-Security suggestions from web servers. This add-on will enforce secure connections for sites that use the Strict-Transport-Security header.
You can also use the add-on to add your own forcing rules -- to be sure you always visit your favorite sites over HTTPS.
%prep
%setup -qTcn %{name}-%{version}
%build
%install
%firefox_ext_install %SOURCE0
%fdupes "%{buildroot}%{firefox_extdir}"
%clean
rm -rf %{buildroot}
%files
%defattr(0644,root,root,0755)
%{firefox_extdir}
%changelog
