typing in url for my company website sends it to https index page in Firefox, but not IE or Chrome, and the behavoir is not wanted
After upgrading Firefox to version 14.0.1 i noticed when i typed in my company's website address that firefox went to the https:// version of the site when it never did that before.
Example, if you type in amazon.com in the URL bar, you briefly see that firefox turns the url to https://www.amazon.com before being auto directed to the normal www.amazon.com site.
My website did not have a secure index page and people were getting a server generated message until I found this issue out.
Is there a setting in Firefox to prevent the URL bar from selecting a secure connection first? This behavior does not occur in the most recent versions of I.E. or Chrome browsers on a desktop.
Any help would be greatly apprecaited
Избрано решение
Following solution worked for me. Just put following in the .htaccess file on your server and put your domain name instead of domain example below:
- RewriteEngine On
- RewriteCond %{HTTPS} on
- RewriteRule ^$ http://www.example.com/ [R=301,L]
Всички отговори (20)
Here's what I see with the amazon.com example.
As I start typing amazon.com, Firefox recognizes and autofills amazon.com/ (it has a trailing slash). If I press Enter, it goes to https://www.amazon.com/ and then is redirected to http://www.amazon.com/.
If before pressing Enter I delete the trailing slash, it goes straight to http://www.amazon.com/.
Or if I arrow down to or click on a URL from history, then it goes to that URL.
I never get to https on worldmusic.org; I suspect that is because that URL doesn't exist in my browsing history.
So it seems the new autofill feature might have a preference for https connections when there are both http and https matches. I don't think there is a way to change that aspect of its behavior, so you might prefer to disable it completely.
(1) In a new tab, type or paste about:config in the address bar and press Enter. Click the button promising to be careful.
(2) In the filter box, type or paste autofill and pause while the list is filtered
(3) Double-click browser.urlbar.autoFill to toggle it from true to false.
I noticed someone has filed a bug about this: Bug 769994 – Inline autocomplete selects HTTPS domain against HTTP domain by default. If you register on Bugzilla, you can add a vote to fix it if you like. However, please do not post "me too"-type comments in bugs, since that can discourage developers from staying on the cc list and solving it.
I'm trying to think of a solution for you on the server side. I think the redirect you currently have is the best workaround for now.
Избрано решение
Following solution worked for me. Just put following in the .htaccess file on your server and put your domain name instead of domain example below:
- RewriteEngine On
- RewriteCond %{HTTPS} on
- RewriteRule ^$ http://www.example.com/ [R=301,L]
Променено на
That worked thanks so much! Greatly Appreciated...Jeff
The htaccess mod causes an endless redirect loop , I've had developers fix this issue servers idea https:// $1000 has been spent but FireFox FORCES the https://
I don't care if my Firefox shows https:// Its the thousands of customers that see https:// which renders the website useless to them which i'm concerned about.
in short , the bug needs to be fixed , until then I strongly dislike Firefox and am encouring everyone to avoid it.
The htaccess mod causes an endless redirect loop
It shouldn't. What is your htaccess code?
thanks for the suggestion with the .htaccess file. Unfortunately it didn't work for me. I simply entered the code above but no joy.
I'm so surprised that this bug isn't being investigated. I'm about to relaunch a site which did over 14 months ago have https for it's shopping cart. The SSL cert hasn't been installed for the last 12 months (it's not needed anymore, the new site is an online magazine) but this bug means that when the new website goes live on this domain Firefox forces https and so we may lose the all important traffic.
I've used FF for years, I'm beginning to wonder if I should continue to do so.
Exactly my problem , the default https:// in Firefox prevents all FF browsers from checking out on my web store. This has been a bug for about 2 months now and FF aren't doing a damn thing about it.
I've now been forced to tell my users NOT to use FF because of it's BUG.
Hi susiesue,
thanks for the suggestion with the .htaccess file. Unfortunately it didn't work for me. I simply entered the code above but no joy.
What the above rule is designed to do is redirect an https request for the default page (i.e., just / without a page name) to the http default page. In other words:
https://www.example.com/ would be redirected to
http://www.example.com/
(As written it literally redirects to http://www.example.com/, but that's just an example.)
It goes in the .htaccess file in the root of your site. Here's a slightly revised version of it that may be easier to follow. Note that this requires your hosting to have mod_rewrite enabled. I think this usually is enabled.
# Initiate rewriting (once only) RewriteEngine On # Only apply next rule to HTTPS URLs RewriteCond %{HTTPS} =on # Send request to the home page (use HTTP_HOST variable) RewriteRule ^$ http://%{HTTP_HOST}/ [R=301,L]
If you want to do something different with HTTPS requests, for example apply it to various other pages, directories, etc., please describe what you want.
Hello jscher2000,
Thanks for your continued support. Unfortunately the new suggestion does not work for me either.
For each suggestion above I copied exactly the code (obviously ensuring in the first suggestion that I used my own domain!) My server does have rewrite enabled.
There doesn't seem to be a way to solve this. I even asked the team of experts who look after my dedicated server and they can't work it out. This issue of forcing HTTPS only happens in FireFox and no other browser that I've used (Chrome, Safari, Opera and even Camino).
I even tried to redirect to http://www.mydomain.co.uk/pagename/ although that didn't work either.
I'm beginning to think there isn't a solution. I've really enjoyed using FF over the years, but now I feel let down - particularly as this problem means I will lose traffic, which in turn obviously impacts on ratings/google rankings. I've always thought Firefox superior to Safari - but this https issue isn't pleasing me!
If you want to do something different with HTTPS requests, for example apply it to various other pages, directories, etc., please describe what you want.
If possible I simply want to stop FF from from forcing https when no SSL cert is on my domain. Just to ensure I'm making myself clear this is the problem:
Providing a user enters the final "/" everything is good, i.e. www.domainname.co.uk/
but it they enter domain.co.uk without the end "/" the https is forced.
I'd love a working solution to this.
I said . . ."but it they enter domain.co.uk without the end "/" the https is forced. " This isn't quite right. I should have said . . . https is forced if they use autocomplete in the browser
Hi susiesue, HTTPS shouldn't be forced if there is no record of past HTTPS access for your domain in your history. I'm not sure what it takes to purge past records, whether you can simply "forget this site" or whether Firefox retains some additional knowledge.
Could you test in a new profile, which would not contain any of your past history (and would be faster to try different methods of clearing history)? You can create a new profile by starting up in the profile manager and clicking Create. You also would use the profile manager to switch back to your normal profile after testing.
This article describes the profile manager: Profile Manager - Create, remove or switch Firefox profiles. I would avoid removing any profiles until you are 110% certain you don't need them.
Thanks again jscher2000.
I don't fancy playing around in the terminal of my Mac at the moment, so I won't be trying to add a new profile for now. The thing is that my customers, many of whom I'm sure will not be so happy to attempt such changes, or simply won't know how to make them - will not make changes to their Firefox profiles and so the problem remains. It's not a matter of making FF right for me as an individual - I'd like it right for my website viewers/traffic.
My traffic will be lower than it should be because users of FF are being sent to htpps: instead of http://www.domain.co.uk
There was a past history of https for the domain but that was about 12-14 months ago. About that time I moved server (which resulted in an IP address change too) and did not install the SSL cert. So somewhere in FF it seems to be remembering the https for a long time ago (it certainly hasn't had the SSL from September 2011). I've cleared the cache, the history - everything - but the problem still exists.
I would love to see a solution to this - it must be a Firefox bug.
Anyway as mentioned above thanks again for your suggestion - your help is appreciated.
Hi susiesue, as noted above, someone has filed a bug about this: Bug 769994 – Inline autocomplete selects HTTPS domain against HTTP domain by default. If you register on Bugzilla, you can add a vote to fix it if you like.
Action on the bug doesn't seem to be moving very quickly, so in the short run, I'd still like to find a server-side solution somehow...
I have the exact same problem as a web master. I have attempted to redirect server side with the little .htaccess script, but it does not work.
My host's support writes this:
" There is no SSL certificate installed on your domain, so any SSL request on your domain will be caught by our default ssl virtual host that points to our (the host's) default page.
The reason that your .htaccess doesn't work is that Apache doesn't send the request to YOUR public_html folder but instead to the SERVER'S standard public_html folder (for the reason mentioned above) "
Is this normal host behaviour? Basically, we can't do anything. The site in question does not need a secure connection (no payments or sensitive data is involved) and we do not need an SSL certificate.
We just want all users to go to http - also with Firefox. Please note that we have never put any content under HTTPS, so I don't understand why Firefox still defaults to this.
Hi anderso, thank you for posting the explanation from your host; such differences in configuration may explain the mixed results achieved by other users.
Please note that we have never put any content under HTTPS...
If a user has never visited your site using an HTTPS url, then autofill should not suggest one. Have you received any complaints from nonprivileged users?
Thanks, jscher. No, no complaints, but that's probably because the site is still in development and we currently only have a static about page on the domain. So at the moment traffic is limited anyway. But after launching the real site in January, we expect quite high traffic.
I still don't understand why autofill on my Firefox takes me to HTTPS as I would never have gone there myself. There has never been anything but an about-page on that domain.
I will update here if we find a solution and/or get interesting complaints from users.
This is an extremely annoying bug in the current versions of Firefox.
As a developer , I am frequently testing urls - and I need to now that the browser obeys the protocol I specified. Quite often a home page is not designed to be reached over ssl at all- but because a sub page was reached over ssl in the history- then Firefox thinks it should load the home page over ssl.
When I specify "http" - and the page is redirected to "https" - it makes it very difficult to test the page.
Also - frequently in development - the SSL certificate will be on the live server , but not on the production. So if I have configured www.test.com to go to the test ip address - then firefox will try an SSL that does not exist.
Similarly - if I have both a live and a test url (www.test.com and dev.test.com), then Firefox will sometimes attempt to use https://dev.test.com This can result in Firefox goes to the completely wrong website - it gets the live version instead of the test one (Where every other browser gets the correct one)
For a user using Firefox - I had to make a url that wasn't in their history https://dev.test.com/login2.php - just so Firefox wouldn't take them to the wrong site.
You can set the browser.urlbar.trimURLs pref to false on the about:config page to see the http: protocol on the location bar and in the pop-up if you hover a link.
- https://developer.mozilla.org/en/Mozilla/Preferences/Preference_reference/browser.urlbar.trimURLs
- https://developer.mozilla.org/en-US/docs/Mozilla/Preferences/Preference_reference/browser.urlbar.formatting.enabled
You can set the Boolean pref browser.urlbar.autoFill to false on the about:config page to disable auto-complete in the location bar.
See "Prevent Firefox from automatically completing URLs":