Search Support

Beware of phishing attacks: Mozilla will never ask you to call a number or visit a non-Mozilla website. Please ignore such requests.

Learn More

Firefox forcing https

  • 9 replies
  • 28 have this problem
  • 8243 views
  • Last reply by DasBughunter

more options

I'm a web developer and starting today I have an issue where I cannot access sites over http, I automatically get redirected to https. Since I'm running locally I don't have certificates installed. I have tried Private Browsing and looking for any entries in the SiteSecurityServiceState.txt file (there were none). The site can be accessed fine in edge over http, I can't test in chrome though as I use a .dev domain. Running Developer Edition 59.0b7, I don't see any release notes that would indicate a change in this behavior.

All Replies (9)

more options

That comes from the site it's not something the Browser can change if the site requires https then it will have to be https. Certificates only come from the site mozilla can't provide that. If there is a issue with the site then you have to contact their webmaster.

more options

This is a site running on local IIS server, the config does not require https as shown by the fact that I can browse http on Edge.

more options

Sounds like it could be software security related? What addons do you have loaded in FF?

more options

Only security software running is Windows Defender

FF Addons: Font Finder Katalon Recorder React Developer Tools TMetric – Time Tracker & Productivity App Trello Card ID

more options

Just an update to this, I changed the binding name in IIS and updated the entry in the hosts file and am no longer getting sent to https. Definitely Firefox is making assumptions about that other domain. Not sure if it matters but I did update binding to be .com and not .dev (so I can test in chrome).

more options

Chosen Solution

more options

Thanks philpp. I've known chrome has done this for a while, a couple of us at the office moved to firefox for this reason. I'm surprised information on firefox forcing this is so sparse, looks like that first article was updated the same day I posted.

more options

If there was actually a good reason for doing this, I'd not be super pissed off right now. There should at least be some way to disable this. It reminds me of how people say not to use target="_blank", but for some reason hijacking my local dev is OK? Straight BS.

more options

Of related use (which actually solved my problem):

The webserver may have "Strict-Transport-Security" switched on, which causes Firefox to immediately switch https.

"Stop firefox from forcing https:// even with autofill false"

https://support.mozilla.org/en-US/questions/1027355