Unable to Disable "Security Warning" When Moving from HTTPS to HTTP



7 years ago
2 years ago


(Reporter: robcthegeek.public, Unassigned)


8 Branch
Mac OS X

Firefox Tracking Flags

(Not tracked)



(1 attachment)



7 years ago
Created attachment 586782 [details]
about_config security settings.png

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.75 Safari/535.7

Steps to reproduce:

Firefox Version: 8.01 on OSX Lion.

Currently developing an app that uses PayPal. During development, we don't have SSL on the boxes that run the cucumber specs. During these specs, we go through the PayPal payment process that runs over HTTPS. At the end of this process, the user is redirected back to our application (running on HTTP). This is fine since it is only like this during development.

Actual results:

However, for our cucumber specs to pass, we need *not* to get the "security warning (although this page is encrypted...)" about moving from secure to insecure.

My first movement was to about:config where I disabled "security.warn_entering_weak". This sadly did not work.

I then took the hammer-and-egg approach and disabled ALL of them.

Still no avail. I still receive the warning no matter what I do. I have also tried restarting Firefox entirely. I can confirm the settings are saved and loaded correctly, they just don't seem to have any effect.

Expected results:

The security warning should no longer appear once disabled in "about:config".


7 years ago
Summary: Unable to Disabled "Security Warning" When Moving from HTTPS to HTTP → Unable to Disable "Security Warning" When Moving from HTTPS to HTTP
It is possible that you have a http post from a https page ?
You can't disable that warning.

Look here:

Comment 2

7 years ago
I don't think so - the form is on PayPals side and is posting over HTTPS. From what I can tell it then just redirects to whatever URL we have specified (in this case a HTTP address).

Since this my particular case is working with PayPal I can't give you demo steps, but anyone registered as a developer can set up a sandbox and see for themselves:

1. Create a "Pay now' button.
2. For the "success" URL, redirect to localhost (using HTTP).
3. Spin up a web app, hosting the "pay now" button (HTTPS form).

Click the button, run through the sandbox process, then you should get the error (which as far as I can tell, should be able to be disabled?).
Most of the annoying prompts have been removed (at least in Firefox Nightly). Please try it out in Firefox Nightly and let us know if you are still having the issue.
Component: Untriaged → Security: UI
Product: Firefox → Core

Comment 4

3 years ago
Hi Rob,

Is this still an issue?

As noted in comment 3, several of these prompts were removed (see Bug 799009).
Flags: needinfo?(robcthegeek.public)

Comment 5

3 years ago
It's been a while without a response, so I'll close this as incomplete for now.
Feel free to reopen if this is still an issue.
Last Resolved: 3 years ago
Flags: needinfo?(robcthegeek.public)
Resolution: --- → INCOMPLETE
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.