Шукати в статтях підтримки

Остерігайтеся нападів зловмисників. Mozilla ніколи не просить вас зателефонувати, надіслати номер телефону у повідомленні або поділитися з кимось особистими даними. Будь ласка, повідомте про підозрілі дії за допомогою меню “Повідомити про зловживання”

Докладніше

Ця тема перенесена в архів. Якщо вам потрібна допомога, запитайте.

How do I stop firefox from forcing me to visit a https version of a page

  • 10 відповідей
  • 8 мають цю проблему
  • 6 переглядів
  • Остання відповідь від THRT

more options

When I revisit a site where I have accessed a page via https, FF automatically connects me via HTTPS even if I explicitly ask for HTTP. It is driving me nuts - to the point where I'm actually thinking switching to Chrome is a good idea.

For example, I visit http://www.onlineshop.com which is served via HTTP. At checkout, the site serves the pages over HTTPS.

Whenever I visit http://www.onlineshop.com again, FF automatically forwards me to https://www.onlineshop.com.

This happens for all websites, and it has only started to happen after the latest update to FF. I can't use a server based solution (as this isn't to do with a specific website).

I've tried changing Autofill in the settings - but it isn't an autofill problem. It isn't a problem of what I type in, its a problem of FF forwarding me to the https version of any site.

I've deleted all me cookies, reset all my settings etc but no luck.

Thanks

When I revisit a site where I have accessed a page via https, FF automatically connects me via HTTPS even if I explicitly ask for HTTP. It is driving me nuts - to the point where I'm actually thinking switching to Chrome is a good idea. For example, I visit http://www.onlineshop.com which is served via HTTP. At checkout, the site serves the pages over HTTPS. Whenever I visit http://www.onlineshop.com again, FF automatically forwards me to https://www.onlineshop.com. This happens for all websites, and it has only started to happen after the latest update to FF. I can't use a server based solution (as this isn't to do with a specific website). I've tried changing Autofill in the settings - but it isn't an autofill problem. It isn't a problem of what I type in, its a problem of FF forwarding me to the https version of any site. I've deleted all me cookies, reset all my settings etc but no luck. Thanks

Усі відповіді (10)

more options

42.0 is out, is the issue still there?

Other than that, I am seeing a bug that might explain things and remains unconfirmed, https://bugzilla.mozilla.org/show_bug.cgi?id=1164262. And of course the answer in https://support.mozilla.org/en-US/questions/935614 with the about:config preference changes.

more options

There are some sites which send Firefox a flag to always use HTTPS, this is the Strict Transport Security (or STS or HSTS) feature and follows the pattern you describe (it only kicks in after you use HTTPS on the site). I'm not sure that "site preference" survives the Refresh procedure (if that's how you reset settings).

But there are many sites that do not send this flag and allow you to use either. For example:

https://jeffersonscher.com/res/jstest.php

http://jeffersonscher.com/res/jstest.php

Are you able to delete the "s" from https in order to load the non-secure version of the page? If you can't, are you sure you don't have an extension like HTTPS Everywhere overriding the normal behavior?

more options

You can remove all data stored in Firefox from a specific domain via "Forget About This Site" in the right-click context menu of an history entry ("History > Show All History" or "View > Sidebar > History") or via the about:permissions page.

Using "Forget About This Site" will remove all data stored in Firefox from that domain like bookmarks, cookies, passwords, cache, history, and exceptions, so be cautious. If you have a password or other data from that domain that you do not want to lose then make sure to backup this data or make a note.

You can't recover from this 'forget' unless you have a backup of the involved files.

If you revisit a 'forgotten' website then data from that website will be saved once again.

more options

Hi jscher2000,

Thanks for the reply.

I don't have the problem when I visit your site. So it is probably to do with STS.

It isn't caused by an extension. I've disabled all, and I still get the bug.

Even if I type in "http://" explicitly, I still get redirected to the https version.

Phoxuponyou - I've just upgraded to 42.0 and I still get the bug. Its a relatively recent thing so it is probably related to an upgrade to 41. 2 that has stayed.

cor-el - Thanks for the answer, but it just isn't practical to "forget" every site every time I visit one. I also don't want to clear all my cookies all the time. They're useful.

more options

Are there particular sites where you want to use HTTP but the site forces HTTPS? Certainly Google and Facebook do that, but others such as Amazon only use HTTPS for some steps in the process and actually redirect to HTTP for most pages.

more options

I'm looking at www.netlawman.co.uk. I'm using a virtual machine (my work set-up) at the moment, and I have the bug. If I use my real PC under the same circumstances then it doesn't happen.

All settings are the same - Win 7, Firefox 42.0, Avira Antivirus (using Windows Firewall), AV plugins and extensions disabled. It doesn't happen with IE or Chrome on the same two systems.

It seems like it could be the bug Phoxuponyou links to. It sounds very similar anyway.

more options

Firefox stores STS data in the moz_hosts table in the permissions.sqlite database file as type of sts/use and sts/subd. You can search the permissions.sqlite database with the SQLite Manager extension for Strict-Transport-Security (sts) records from a specific host (domain).

  • open the permissions.sqlite database in the current profile folder
  • select the moz_hosts table
  • go to the Browse and Search tab
  • click the search button
  • set the host (TEXT) filter to "contains": "<host_name>"
  • set type (TEXT) field to "contains": "sts"
  • click OK to start the search
more options

Since the issue only occurs in the VM, perhaps there is a proxy that is affecting the headers? Definitely a challenge to investigate.

more options

I cannot replicate the issue on my Firefox 41.0.2 in Win7HP64 by visiting www.netlawman.co.uk.

I can go in on HTTP, then try to sign in (HTTPS turns on), go to Basket (HTTPS stays on), and exit Firefox. When I go back to the URL without defining the protocol in the address I get the standard HTTP front page. Same result whether I type the URL or click the link in this thread, or whether I go back to plain HTTP before exiting Firefox.

Since it's a VM environment, the routing scenario is not exactly standard - but as jscher said, Firefox should only take issue with the headers/flag. One place to start looking would be the table pointed out by cor-el.

more options

jscher2000 - It shouldn't be a VM issue should it, as other browsers work fine. It is also a very recent problem. I've been using FF for years in this VM and it has been fine.

Phoxuponyou - if it is the same issue that was reported and you pointed me to, then it only seems to affect some users. Perhaps I am one of those users.

cor-el - I downloaded the plug-in and "connected" to the database you suggested under my "Roaming" profile (the database doesn't exist under the other two profiles). The file size is 128kb, which is much smaller than any of the other databases in that folder. In the database, I have 1 maser table, 3 tables and no views, indexes or triggers. I search the moz_hosts file as you say. I enter the information you told me to enter, press OK and it returns no results. Regardless of what I enter, there are no results (i.e. if I enter type contains sts and leave the host field blank). Could this table be empty? I've checked the database integrity and it is fine. But if I try to explore for data, there doesn't seem to be any.

I've also remembered that I have had FF crashing fairly often as well recently. On loading a webpage, it just crashes and exits out. I then have to reload. Perhaps not the most helpful report by me, but it might be relevant.