Cannot connect to website through HTTP after viewing it with HTTPS once.
If I view a website with SSL (https). If I later need to use it without ssl (http) I cannot, I am forced to use https. If you must know why this is necessary, it is because one website "https://example.com" actually has ssl certificates correctly setup, whereas another website which is a subdomain "http://mysubdomain.example.com" does not have certificates set up because it is hosted elsewhere. So when I try to connect to "mysubdomain.example.com" firefox forces me to use https, at which point the site fails to load because it cannot offer me an SSL version of the page. The only solution I've found is to clear all of the temporary data from my browser and then restart the browser. At which point I can then use "http://mysubdomain.example.com" however if I ever go to "httpS://example.com", I can nolonger use the subdomain because I am again forced to use httpS. Is there a way that I can prevent this behaviour?
Ausgewählte Lösung
This one works for me. https://addons.mozilla.org/en-US/firefox/addon/enforce-encryption/
Diese Antwort im Kontext lesen 👍 1Alle Antworten (6)
hello, there are ways for websites to specify that they or their subdomain should only be used through https: https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
you may use the https://addons.mozilla.org/firefox/addon/force-tls/ addon in firefox to manage those sites.
philipp, Thankyou! Now I know how to deal with it both client side and server side! I searched for ever about automatic SSL forwarding and all of that, but I did not once see anything about HTTP Strict Stransport Security. I read the header of the main website, and indeed it specifies to "includeSubdomains", so that's the issue. Thank you very much!
Actually, the client side solution doesn't work because the addon doesn't work. It fails to load. Is there some sort of config somewhere built-in to the browser? Or a newer and functional add-on that will let me forcibly disable ssl on certain subdomains?
Ausgewählte Lösung
This one works for me. https://addons.mozilla.org/en-US/firefox/addon/enforce-encryption/
christ1 said
This one works for me. https://addons.mozilla.org/en-US/firefox/addon/enforce-encryption/
I note the addon page says
Known limitations
Unchecking "Enforce encrypted connection" won't produce the expected results for websites that opt into Strict Transport Security - the checkbox will be active again after you reload the page.
All of your answers were very helpful. Thank you.