Always HTTPS mode warns user every request instead of adding an exception
Categories
(Core :: DOM: Security, defect, P3)
Tracking
()
People
(Reporter: cypherpunks, Unassigned)
References
(Blocks 1 open bug)
Details
(Whiteboard: [domsecurity-backlog1])
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0
Steps to reproduce:
- Enable always HTTPS mode
- Go to some insecure website with many pages
- Try to go to another page on same website
Actual results:
Insecure HTTP warning appears every request, making itself annoying
Expected results:
Insecure HTTP warning should appear once, adding an exception
Comment 1•4 years ago
|
||
Hey Cypher,
I tried to reproduce this issue on the latest versions of Firefox Nightly 83.0a1 (2020-10-16) but couldn't reproduce it.
I used baidu.com for example; can you give me the sites where this issue is encountered for you?
Can you test the issue while in Safe Mode? You can find helpful info here : https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-using-safe-mode .
Also a fresh new profile could help. You can find more about creating a new profile here : https://support.mozilla.org/en-US/kb/troubleshoot-and-diagnose-firefox-problems#w_6-create-a-new-firefox-profile .
Reporter | ||
Comment 2•4 years ago
|
||
(In reply to Andrei Purice from comment #1)
Hey Cypher,
I tried to reproduce this issue on the latest versions of Firefox Nightly 83.0a1 (2020-10-16) but couldn't reproduce it.
I used baidu.com for example; can you give me the sites where this issue is encountered for you?Can you test the issue while in Safe Mode? You can find helpful info here : https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-using-safe-mode .
Also a fresh new profile could help. You can find more about creating a new profile here : https://support.mozilla.org/en-US/kb/troubleshoot-and-diagnose-firefox-problems#w_6-create-a-new-firefox-profile .
You have chosen wrong website. baidu.com has both HTTP and HTTPS versions. You need a website which does not support HTTPS at all. badssl.com has some pages like login form that you can use. Alternatively, you can also enable Always HTTPS mode for local domains and try this on localhost.
Then you need to do some action on insecure website that redirects you to another page of the same website, like clicking the button or link. You should see warning about no HTTPS support again.
I can reproduce this issue on ESR 78 and I have no information on newer versions.
Comment 3•4 years ago
|
||
Setting a component for this issue in order to get the dev team involved.
If you feel it's an incorrect one please feel free to change it to a more appropriate one.
Updated•4 years ago
|
Comment 4•4 years ago
|
||
Hi cypherpunks,
Just to clarify, if you say "pages" do you mean you encounter the error page after navigating between pages like these:
example.com/page1
, example.com/page2
, example.com/page3
or subdomains like these:
page1.example.com
, page2.example.com
, page3.example.com
.
Also, could you maybe provide an example website where we can reproduce the problem?
Thank you :)
Comment 5•4 years ago
|
||
Moving this over to dom:security.
Comment 6•4 years ago
|
||
Since the issue was not reproducible and the reporter's account is deactivated I'm going to close this one.
Description
•