Closed Bug 1670659 Opened 4 years ago Closed 4 years ago

Always HTTPS mode warns user every request instead of adding an exception

Categories

(Core :: DOM: Security, defect, P3)

Product:
Core
Component:
DOM: Security
Version:
78 Branch
Type:
defect

Tracking

()

Status:
RESOLVED INACTIVE

People

(Reporter: cypherpunks, Unassigned)

References

(Blocks 1 open bug)

Details

(Whiteboard: [domsecurity-backlog1])

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0

Steps to reproduce:

  1. Enable always HTTPS mode
  2. Go to some insecure website with many pages
  3. Try to go to another page on same website

Actual results:

Insecure HTTP warning appears every request, making itself annoying

Expected results:

Insecure HTTP warning should appear once, adding an exception

Hey Cypher,
I tried to reproduce this issue on the latest versions of Firefox Nightly 83.0a1 (2020-10-16) but couldn't reproduce it.
I used baidu.com for example; can you give me the sites where this issue is encountered for you?

Can you test the issue while in Safe Mode? You can find helpful info here : https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-using-safe-mode .
Also a fresh new profile could help. You can find more about creating a new profile here : https://support.mozilla.org/en-US/kb/troubleshoot-and-diagnose-firefox-problems#w_6-create-a-new-firefox-profile .

Flags: needinfo?(cypherpunks)

(In reply to Andrei Purice from comment #1)

Hey Cypher,
I tried to reproduce this issue on the latest versions of Firefox Nightly 83.0a1 (2020-10-16) but couldn't reproduce it.
I used baidu.com for example; can you give me the sites where this issue is encountered for you?

Can you test the issue while in Safe Mode? You can find helpful info here : https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-using-safe-mode .
Also a fresh new profile could help. You can find more about creating a new profile here : https://support.mozilla.org/en-US/kb/troubleshoot-and-diagnose-firefox-problems#w_6-create-a-new-firefox-profile .

You have chosen wrong website. baidu.com has both HTTP and HTTPS versions. You need a website which does not support HTTPS at all. badssl.com has some pages like login form that you can use. Alternatively, you can also enable Always HTTPS mode for local domains and try this on localhost.

Then you need to do some action on insecure website that redirects you to another page of the same website, like clicking the button or link. You should see warning about no HTTPS support again.

I can reproduce this issue on ESR 78 and I have no information on newer versions.

Flags: needinfo?(cypherpunks)

Setting a component for this issue in order to get the dev team involved.
If you feel it's an incorrect one please feel free to change it to a more appropriate one.

Component: Untriaged → Networking: HTTP
Product: Firefox → Core
Severity: -- → S4
Flags: needinfo?(julianwels)
Flags: needinfo?(ckerschb)
Priority: -- → P3
Whiteboard: [necko-triaged]

Hi cypherpunks,

Just to clarify, if you say "pages" do you mean you encounter the error page after navigating between pages like these:
example.com/page1, example.com/page2, example.com/page3
or subdomains like these:
page1.example.com, page2.example.com, page3.example.com.

Also, could you maybe provide an example website where we can reproduce the problem?

Thank you :)

Flags: needinfo?(julianwels)

Moving this over to dom:security.

Blocks: https-only-mode
Component: Networking: HTTP → DOM: Security
Flags: needinfo?(ckerschb)
Whiteboard: [necko-triaged] → [domsecurity-backlog1]

Since the issue was not reproducible and the reporter's account is deactivated I'm going to close this one.

Status: UNCONFIRMED → RESOLVED
Closed: 4 years ago
Resolution: --- → INACTIVE
You need to log in before you can comment on or make changes to this bug.