Skip to content

freedomofpress/securedrop-https-everywhere-ruleset

Folders and files

NameName
Last commit message
Last commit date
Jan 3, 2025
Aug 19, 2021
Jan 31, 2025
Sep 30, 2024
Dec 18, 2023
Sep 30, 2024
Jan 3, 2025
Sep 30, 2024
Jun 30, 2021
Jul 9, 2021
Jul 9, 2021
Nov 24, 2021
Dec 22, 2021
Jan 19, 2022
Feb 7, 2022
Feb 7, 2022
Mar 17, 2022
Apr 13, 2022
Apr 22, 2022
Sep 2, 2022
Oct 7, 2022
Nov 8, 2022
Nov 30, 2022
Dec 14, 2022
Mar 6, 2023
Mar 27, 2023
Jun 29, 2023
Sep 27, 2023
Nov 7, 2023
Jan 11, 2024
Jan 24, 2024
Feb 9, 2024
Jun 18, 2024
Jul 24, 2024
Sep 19, 2024
Sep 26, 2024
Jan 23, 2025
Jan 31, 2025
Jan 31, 2025
Jan 4, 2022
Jan 31, 2025
Jan 31, 2025
Jan 4, 2022
Jan 3, 2025
May 27, 2021
Jan 3, 2025
May 26, 2021
Jun 30, 2021
Jul 9, 2021
Jul 9, 2021
Nov 24, 2021
Dec 22, 2021
Jan 19, 2022
Feb 7, 2022
Feb 7, 2022
Mar 17, 2022
Apr 13, 2022
Apr 22, 2022
Sep 2, 2022
Oct 7, 2022
Nov 8, 2022
Nov 30, 2022
Dec 14, 2022
Mar 6, 2023
Mar 27, 2023
Jun 29, 2023
Sep 27, 2023
Nov 7, 2023
Jan 11, 2024
Jan 24, 2024
Feb 9, 2024
Jun 18, 2024
Jul 24, 2024
Sep 19, 2024
Sep 26, 2024
Jan 23, 2025
Jan 31, 2025
Jan 31, 2025
Sep 30, 2024
Jul 1, 2020

Repository files navigation

By contributing to this project, you agree to abide by our Code of Conduct.

HTTPS-Everywhere Rulesets for SecureDrop

securedrop-https-everywhere-ruleset is used to create a signed HTTPS Everywhere ruleset that maps full-length .onion addresses to user-friendly onion names for some news organizations listed in the SecureDrop directory. Any time a new onion name is approved, we add its mapping to our HTTPS Everywhere ruleset and deploy it to https://securedrop.org/https-everywhere-2021/ . Tor Browser automatically includes our ruleset in the default HTTPS Everywhere extension and checks for updates on startup.

Development

First, install poetry and run poetry install --with=dev.

You can create a test key for signing using:

make test-key

which will create test-key.jwk in your current working directory.

Updating Rulesets

Adding a new organization

  1. Ensure they are in the official SecureDrop directory. If they are not, go through the IVF process with the organization.

  2. Add their domain name and the requested URL to the onboarded.txt via PR into this repository. We match the domain based on the landing page of the organization, comparing the netloc in a URL with structure scheme://netloc/path;parameters?query#fragment.

  3. Next, generate the updated ruleset with make generate and review the output.

  4. Once satisfied, you can sign it with make sign (requires signing key, please ping a key holder for assistance).

  5. Commit all files generated by the script above and open a Pull Request to this repository. Once the PR is merged, the rulesets will automatically be deployed to production.

Verifying changes

Inspect the diff. If it looks good, commit the resulting index.html and all files to be served. To test locally, run

make serve

And configure your browser to use http://localhost:4080/https-everywhere/.

Deployment

Upon merge the container will be published to quay.io/freedomofpress and the new tag will be deployed automatically.