Firefox forces HTTPS when remember history is disabled
Categories
(Core :: DOM: Security, defect)
Tracking
()
People
(Reporter: gfbeard, Unassigned)
References
(Blocks 1 open bug)
Details
User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
Steps to reproduce:
Tried to access a a web site at http://www.bom.gov.au (Australian Bureau of Meteorology). (This web site does NOT support HTTPS)
The web site returned an error page stating that HTTPS connections are NOT supported.
I have NOT enabled HTTPS Only mode in Firefox settings.
I have configured Firefox to not remember history.
It appears that Firefox is forcing a HTTPS connection to the site.
Actual results:
When I configure Firefox to remember history I can now successfully access the web site (using HTTP)
|
||
Comment 1•3 years ago
|
||
The Bugbug bot thinks this bug should belong to the 'Core::DOM: Security' component, and is moving the bug to that component. Please revert this change in case you think the bot is wrong.
|
||
Comment 2•3 years ago
|
||
The "Don't remember history" setting is essentially turning on permanent Private Browsing, and in Firefox 91 we turned on "HTTPS First" (similar to https only) for Private Browsing pages: https://www.mozilla.org/en-US/firefox/91.0/releasenotes/
(This web site does NOT support HTTPS)
Sadly for us, their server does support HTTPS, enough to give you that message, so we can't tell it doesn't support HTTPS. If they actually didn't support it our fallback mechanism would work
When you go to the site, click in the icon next to the URL and in the drop-down set the HTTPS-only mode to permanent, and then it should work in Private Browsing with no more fuss.
Description
•