diff --git a/chromium/background.js b/chromium/background.js
index 1e28a4f8c534..7a16ba9fb19f 100644
--- a/chromium/background.js
+++ b/chromium/background.js
@@ -259,14 +259,12 @@ function onBeforeRequest(details) {
   const uri = new URL(details.url);
 
   // Should the request be canceled?
-  var shouldCancel = (
-    httpNowhereOn &&
-    uri.protocol === 'http:' &&
-    !/\.onion$/.test(uri.hostname) &&
-    !/^localhost$/.test(uri.hostname) &&
-    !/^127(\.[0-9]{1,3}){3}$/.test(uri.hostname) &&
-    !/^0\.0\.0\.0$/.test(uri.hostname)
-  );
+  const shouldCancel = httpNowhereOn &&
+    uri.protocol !== 'https:' &&
+    uri.hostname.slice(-6) !== '.onion' &&
+    uri.hostname !== 'localhost' &&
+    !/^127(\.(25[0-5]|2[0-4][0-9]|[01]?[0-9]{1,2})){3}$/.test(uri.hostname) &&
+    uri.hostname !== '0.0.0.0';
 
   // Normalise hosts such as "www.example.com."
   var canonical_host = uri.hostname;
@@ -338,26 +336,20 @@ function onBeforeRequest(details) {
                          newuristr);
   }
 
-  if (httpNowhereOn) {
-    // If loading a main frame, try the HTTPS version as an alternative to
-    // failing.
-    if (shouldCancel) {
-      if (!newuristr) {
-        return {redirectUrl: canonical_url.replace(/^http:/, "https:")};
-      } else {
-        return {redirectUrl: newuristr.replace(/^http:/, "https:")};
-      }
-    }
-    if (newuristr && newuristr.substring(0, 5) === "http:") {
-      // Abort early if we're about to redirect to HTTP in HTTP Nowhere mode
-      return {cancel: true};
-    }
+  const resultUrl = new URL(newuristr || details.url);
+
+  // If loading a main frame, try the HTTPS version as an alternative to
+  // failing.
+  if (shouldCancel && details.type === 'main_frame' && resultUrl.protocol === 'http:') {
+    resultUrl.protocol = 'https:';
+    return { redirectUrl: resultUrl.href };
   }
 
-  if (newuristr) {
-    return {redirectUrl: newuristr};
+  // We only allow HTTPS rewrite targets.
+  if (newuristr && newuristr.substring(0, 5) === "https:") {
+    return { redirectUrl: newuristr };
   } else {
-    return {cancel: shouldCancel};
+    return { cancel: shouldCancel };
   }
 }
 
@@ -504,7 +496,7 @@ function onBeforeRedirect(details) {
 
 // Registers the handler for requests
 // See: https://github.com/EFForg/https-everywhere/issues/10039
-wr.onBeforeRequest.addListener(onBeforeRequest, {urls: ["*://*/*"]}, ["blocking"]);
+wr.onBeforeRequest.addListener(onBeforeRequest, {urls: ["http://*/*", "https://*/*", "ftp://*/*"]}, ["blocking"]);
 
 
 // Try to catch redirect loops on URLs we've redirected to HTTPS.
diff --git a/chromium/manifest.json b/chromium/manifest.json
index 8ffee79fbd75..35904511a9f8 100644
--- a/chromium/manifest.json
+++ b/chromium/manifest.json
@@ -38,13 +38,15 @@
         "page": "options.html"
     },
     "permissions": [
-        "webNavigation",
-        "webRequest",
-        "webRequestBlocking",
-        "tabs",
-        "cookies",
-        "storage",
-        "*://*/*"
-    ],
+        "webNavigation", 
+        "webRequest", 
+        "webRequestBlocking", 
+        "tabs", 
+        "cookies", 
+        "storage", 
+        "http://*/*",
+        "https://*/*",
+        "ftp://*/*"
+    ], 
     "version": "2017.8.19"
 }
\ No newline at end of file