Firefox does not respect explicit request http://domain.com:80
It seems Firefox likes to redirect to https a litttle too much.
The issue is not the redirection, it's that even when the user EXPLICITLY specifies HTTP://domain.com:80
Looking at similar questions on this issue I've discovered Firefox does a behind-the-scenes redirection if you've previously been to https://domain.com, or if you have a bookmark containing that domain with https in it.
We have resources such as https://router.domain.com that redirect to 443 from port 80 automatically themselves, but then we also have http://intranet.domain.com that does not have HTTPS set up (yes, I can do it, but it takes time and work and I need to get my users up and running quickly)
I know it's possible to modify about:config to change this behaviour, but I don't want to change it (especially for every user's firefox browser) except for this one site.
Question #1: Is it possible to delete the "cache" Firefox has HTTPS for one site, without disabling the feature for all other sites?
(FF thinks HTTPS://domain.com exists, it doesn't, how can I make it forget? If I test with a Private Window in FF it finds the HTTP site successfully.)
Issue #1: Why is it not possible for me to tell FF explicitly to use http://domain.com:80 ? Even if it can't find domain.com:80 and goes looking at port 443 for a possible site (not a bad behavior), if I explicitly request port 80 it should not look any further and tell me site not found, until I explicitly request https://domain.com
Thank you for all your help!
Chosen solution
See also:
Firefox stores such data in the moz_hosts table in the <strike>places.sqlite</strike> permissions.sqlite database file as type of sts/use and sts/subd.
You can remove all data stored in Firefox from a specific domain via "Forget About This Site" in the right-click context menu of an history entry ("History > Show All History" or "You can use the "View > Sidebar" menu. You can find a "Show sidebars" button in the Customize palette.
- "3-bar" menu button > Customize
- View > Toolbars > Customize
> History") or via the about:permissions page.
Using "Forget About This Site" will remove all data stored in Firefox from that domain like bookmarks, cookies, passwords, cache, history, and exceptions, so be cautious. If you have a password or other data from that domain that you do not want to lose then make sure to backup this data or make a note.
You can't recover from this 'forget' unless you have a backup of the involved files.
If you revisit a 'forgotten' website then data from that website will be saved once again.
Read this answer in context 👍 1All Replies (3)
Update: FYI, we also had a little DNS issue that has since been resolved, our FF users can now successfully get http://domain.com with no issues.
I would consider my question low priority at this point.
However, it would be nice to know that when you explicitly define port 80, it gives a different message/better feedback letting you know it tried all it could on port 80, but just couldn't make it work. That would help me identify the problem was elsewhere more quickly, and not go barking up the wrong tree :)
I definitely appreciate all the efforts, and if I was wrong or if there was a method I failed to try, it would be great to tell me so I know for next time! Ty everybody!
When Firefox receives a Strict-Transport-Security header for a site, it stores that for future visits to the same host. Based on previous threads, that seems to be regardless of port number.
But I'm not sure why if router.domain.com sends a Strict-Transport-Security header for that host name, that should affect intranet.domain.com, which is a different host. Perhaps if it sets "include subdomains"?
You can use Firefox's web console to inspect the headers on a response from router.domain.com and see (Ctrl+Shift+k or Developer menu). Click the link to the request for the page and a viewer should pop up. I have attached an example screenshot for Google's login page.
Chosen Solution
See also:
Firefox stores such data in the moz_hosts table in the <strike>places.sqlite</strike> permissions.sqlite database file as type of sts/use and sts/subd.
You can remove all data stored in Firefox from a specific domain via "Forget About This Site" in the right-click context menu of an history entry ("History > Show All History" or "You can use the "View > Sidebar" menu. You can find a "Show sidebars" button in the Customize palette.
- "3-bar" menu button > Customize
- View > Toolbars > Customize
> History") or via the about:permissions page.
Using "Forget About This Site" will remove all data stored in Firefox from that domain like bookmarks, cookies, passwords, cache, history, and exceptions, so be cautious. If you have a password or other data from that domain that you do not want to lose then make sure to backup this data or make a note.
You can't recover from this 'forget' unless you have a backup of the involved files.
If you revisit a 'forgotten' website then data from that website will be saved once again.
Modified