This thread was archived. Please ask a new question if you need help.
Firefox forcing https
I'm a web developer and starting today I have an issue where I cannot access sites over http, I automatically get redirected to https. Since I'm running locally I don't have certificates installed. I have tried Private Browsing and looking for any entries in the SiteSecurityServiceState.txt file (there were none). The site can be accessed fine in edge over http, I can't test in chrome though as I use a .dev domain. Running Developer Edition 59.0b7, I don't see any release notes that would indicate a change in this behavior.
All Replies (9)
That comes from the site it's not something the Browser can change if the site requires https then it will have to be https. Certificates only come from the site mozilla can't provide that. If there is a issue with the site then you have to contact their webmaster.
This is a site running on local IIS server, the config does not require https as shown by the fact that I can browse http on Edge.
Sounds like it could be software security related? What addons do you have loaded in FF?
Only security software running is Windows Defender
FF Addons: Font Finder Katalon Recorder React Developer Tools TMetric – Time Tracker & Productivity App Trello Card ID
Just an update to this, I changed the binding name in IIS and updated the entry in the hosts file and am no longer getting sent to https. Definitely Firefox is making assumptions about that other domain. Not sure if it matters but I did update binding to be .com and not .dev (so I can test in chrome).
Thanks philpp. I've known chrome has done this for a while, a couple of us at the office moved to firefox for this reason. I'm surprised information on firefox forcing this is so sparse, looks like that first article was updated the same day I posted.
If there was actually a good reason for doing this, I'd not be super pissed off right now. There should at least be some way to disable this. It reminds me of how people say not to use target="_blank", but for some reason hijacking my local dev is OK? Straight BS.
Of related use (which actually solved my problem):
The webserver may have "Strict-Transport-Security" switched on, which causes Firefox to immediately switch https.
"Stop firefox from forcing https:// even with autofill false"