Closed Bug 1949624 Opened 9 months ago Closed 8 months ago

HTTPS-first mode can't be turned off

Categories

(Core :: DOM: Security, defect)

Product:
Core
Component:
DOM: Security
Version:
Firefox 135
Type:
defect

Tracking

()

Status:
RESOLVED INCOMPLETE

People

(Reporter: 2048596, Unassigned, NeedInfo)

References

(Blocks 1 open bug)

Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:135.0) Gecko/20100101 Firefox/135.0

Steps to reproduce:

Open an http website link by firefox v135.0.1, error code PR_END_OF_FILE_ERROR,it works in v135.0.0

Actual results:

In version 135.0.1, all http links are automatically converted to https links, even if the HTTPS-only mode is not enabled.Using the edge browser, everything works fine,

The Bugbug bot thinks this bug should belong to the 'Core::DOM: Security' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.

Component: Untriaged → DOM: Security
Product: Firefox → Core

I think you're saying "HTTPS-only works when I don't want it to", not that it "doesn't work". But I suspect this is a different problem.

Open an http website link by firefox v135.0.1, error code PR_END_OF_FILE_ERROR,it works in v135.0.0

I can't reproduce that, for example this works fine: http://scripting.com/
Do you have specific sites that are broken?

None of the changes between 135.0 and 135.0.1 appear to relate to this functionality

It's possible you have been part of an experiment with a feature we call "Https-first" (called "HTTPS upgrades" in the web specifications). This feature has already shipped in Chrome, and I would have assumed Edge also since that is based on chromium. The PR_END_OF_FILE_ERROR is sometimes seen when Firefox tries to use HTTPS to connect to an HTTP server so that would possibly fit, but the HTTPS-first feature is supposed to silently retry "http:" if it hits that error and you shouldn't see it.

If you have specific public sites where you see this error please let us know what they are. We very much want to figure out where the bug is.

You can check to see if you are in the experimental group by

  • open the page about:studies
  • look at the list and see if you see a study called "HTTPS-First in Release"

You can turn off that study by clicking the Remove button (you can't reverse this though: once it's off it's off). If you do that let us know if that makes a difference or not. You can turn off all studies in about:settings if you want.

Flags: needinfo?(2048596)
Summary: HTTPS-only mode is not work → HTTPS-only mode can't be turned off

HTTPS-First can be disable by typing a URL with an explicit http:// in front.

It looks as if this is a site-specific issue. We could help troubleshoot this some more if you could share the URL of the site you were trying to reach.

Summary: HTTPS-only mode can't be turned off → HTTPS-first mode can't be turned off
Status: UNCONFIRMED → RESOLVED
Closed: 8 months ago
Resolution: --- → INCOMPLETE

error code PR_END_OF_FILE_ERROR

That error is a common symptom of some misconfigured intermediary, like a VPN or local security software that intercepts connections to scan them. If you're still here, seek help for your particular situation at https://support.mozilla.org

If it turns out there is a bug in Firefox 135.0.1 they will be able to gather the information we need and create a bug we can make progress on.

You need to log in before you can comment on or make changes to this bug.