X
Tap here to go to the mobile version of the site.

Support Forum

Unwanted http redirecting to https

Posted

I will give one example of many. In the past, I must have accidentally typed https://mail.wizathon.com. The correct URL is http://mail.wizathon.com. Now when I try to get to the http version, Firefox automatically switches it to https, which fails. To fix this, I have always gone to Options -> Privacy -> Clear Site Settings and poof, the http version would work. I have tried this, I have tried "forgetting the site", I have looked in my profile and the site isn't listed there, I have tried Refreshing my Firefox, I have gone into my about: config and updated the htsc to false. I am out of options. Something happened in the last 2 weeks to cause this unwanted behavior.

I will give one example of many. In the past, I must have accidentally typed https://mail.wizathon.com. The correct URL is http://mail.wizathon.com. Now when I try to get to the http version, Firefox automatically switches it to https, which fails. To fix this, I have always gone to Options -> Privacy -> Clear Site Settings and poof, the http version would work. I have tried this, I have tried "forgetting the site", I have looked in my profile and the site isn't listed there, I have tried Refreshing my Firefox, I have gone into my about: config and updated the htsc to false. I am out of options. Something happened in the last 2 weeks to cause this unwanted behavior.

Chosen solution

It's not you, it's Firefox: wizathon.com is on the built-in HSTS preload list. You can see it in the search results here:

https://dxr.mozilla.org/mozilla-release/search?q=wizathon&redirect=false

(the .inc file is huge, so I did not link directly to that)

More info about this list: https://developer.mozilla.org/docs/Web/HTTP/Headers/Strict-Transport-Security#Preloading_Strict_Transport_Security

There is a preference to globally disable use of the list if necessary, but this turns off HTTPS redirection for all domains whose owners have requested inclusion in the list so it is not recommended.

(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button accepting the risk.

(2) In the search box above the list, type or paste stricttran and pause while the list is filtered

(3) Double-click the network.stricttransportsecurity.preloadlist preference to switch the value from true to false (not recommended)

Read this answer in context 0
Quote

Additional System Details

Installed Plug-ins

  • Shockwave Flash 32.0 r0

Application

  • User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:73.0) Gecko/20100101 Firefox/73.0

More Information

jscher2000
  • Top 10 Contributor
8961 solutions 73431 answers

Chosen Solution

It's not you, it's Firefox: wizathon.com is on the built-in HSTS preload list. You can see it in the search results here:

https://dxr.mozilla.org/mozilla-release/search?q=wizathon&redirect=false

(the .inc file is huge, so I did not link directly to that)

More info about this list: https://developer.mozilla.org/docs/Web/HTTP/Headers/Strict-Transport-Security#Preloading_Strict_Transport_Security

There is a preference to globally disable use of the list if necessary, but this turns off HTTPS redirection for all domains whose owners have requested inclusion in the list so it is not recommended.

(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button accepting the risk.

(2) In the search box above the list, type or paste stricttran and pause while the list is filtered

(3) Double-click the network.stricttransportsecurity.preloadlist preference to switch the value from true to false (not recommended)

It's not you, it's Firefox: wizathon''.''com is on the built-in HSTS preload list. You can see it in the search results here: https://dxr.mozilla.org/mozilla-release/search?q=wizathon&redirect=false (the .inc file is huge, so I did not link directly to that) More info about this list: https://developer.mozilla.org/docs/Web/HTTP/Headers/Strict-Transport-Security#Preloading_Strict_Transport_Security There is a preference to globally disable use of the list if necessary, but this turns off HTTPS redirection for all domains whose owners have requested inclusion in the list so it is not recommended. (1) In a new tab, type or paste '''about:config''' in the address bar and press Enter/Return. Click the button accepting the risk. (2) In the search box above the list, type or paste '''stricttran''' and pause while the list is filtered (3) Double-click the '''network.stricttransportsecurity.preloadlist''' preference to switch the value from true to false ('''not recommended''')
Was this helpful to you?
Quote
jscher2000
  • Top 10 Contributor
8961 solutions 73431 answers

I think the problem in this case is that the preload list has the base domain. There is a valid certificate for www.wizathon.com but not for the mail subdomain.

I don't know whether that is a temporary problem (oversight in renewing the SSL cert) or a very bad configuration -- who provides webmail access on an insecure connection?!

Could you raise this question with the site?

I think the problem in this case is that the preload list has the base domain. There is a valid certificate for www.wizathon''.''com but not for the mail subdomain. I don't know whether that is a temporary problem (oversight in renewing the SSL cert) or a very bad configuration -- who provides webmail access on an insecure connection?! Could you raise this question with the site?
Was this helpful to you?
Quote

Question owner

This finally answered my question and resolved my problem. Thank you!

This finally answered my question and resolved my problem. Thank you!
Was this helpful to you?
Quote
Ask a question

You must log in to your account to reply to posts. Please start a new question, if you do not have an account yet.