Search Support

Beware of phishing attacks: Mozilla will never ask you to call a number or visit a non-Mozilla website. Please ignore such requests.

Learn More

Unwanted http redirecting to https

  • 3 odgovori
  • 1 ima ovaj problem
  • 12 views
  • Posljednji odgovor poslao jlevitas16

more options

I will give one example of many. In the past, I must have accidentally typed https://mail.wizathon.com. The correct URL is http://mail.wizathon.com. Now when I try to get to the http version, Firefox automatically switches it to https, which fails. To fix this, I have always gone to Options -> Privacy -> Clear Site Settings and poof, the http version would work. I have tried this, I have tried "forgetting the site", I have looked in my profile and the site isn't listed there, I have tried Refreshing my Firefox, I have gone into my about: config and updated the htsc to false. I am out of options. Something happened in the last 2 weeks to cause this unwanted behavior.

Izabrano rješenje

It's not you, it's Firefox: wizathon.com is on the built-in HSTS preload list. You can see it in the search results here:

https://dxr.mozilla.org/mozilla-release/search?q=wizathon&redirect=false

(the .inc file is huge, so I did not link directly to that)

More info about this list: https://developer.mozilla.org/docs/Web/HTTP/Headers/Strict-Transport-Security#Preloading_Strict_Transport_Security

There is a preference to globally disable use of the list if necessary, but this turns off HTTPS redirection for all domains whose owners have requested inclusion in the list so it is not recommended.

(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button accepting the risk.

(2) In the search box above the list, type or paste stricttran and pause while the list is filtered

(3) Double-click the network.stricttransportsecurity.preloadlist preference to switch the value from true to false (not recommended)

Pročitajte ovaj odgovor sa objašnjenjem 👍 0

All Replies (3)

more options

Odabrano rješenje

It's not you, it's Firefox: wizathon.com is on the built-in HSTS preload list. You can see it in the search results here:

https://dxr.mozilla.org/mozilla-release/search?q=wizathon&redirect=false

(the .inc file is huge, so I did not link directly to that)

More info about this list: https://developer.mozilla.org/docs/Web/HTTP/Headers/Strict-Transport-Security#Preloading_Strict_Transport_Security

There is a preference to globally disable use of the list if necessary, but this turns off HTTPS redirection for all domains whose owners have requested inclusion in the list so it is not recommended.

(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button accepting the risk.

(2) In the search box above the list, type or paste stricttran and pause while the list is filtered

(3) Double-click the network.stricttransportsecurity.preloadlist preference to switch the value from true to false (not recommended)

Helpful?

more options

I think the problem in this case is that the preload list has the base domain. There is a valid certificate for www.wizathon.com but not for the mail subdomain.

I don't know whether that is a temporary problem (oversight in renewing the SSL cert) or a very bad configuration -- who provides webmail access on an insecure connection?!

Could you raise this question with the site?

Helpful?

more options

This finally answered my question and resolved my problem. Thank you!

Helpful?

Postavite pitanje

Morate se prijaviti na račun da biste odgovarali na poruke. Molimo postavite novo pitanje, ako još uvijek nemate račun.