X
Tap here to go to the mobile version of the site.

Support Forum

Firefox defaults to https version of a website, how to disable this?

Posted

Hello,

On my website I have a SSL certificate installed so you can reach it via https://www.example.net and http://www.example.net. To administer my website, I access it over https but when I just want to see the changes or simply visit the website, I don't want to see the the website over https. I want to visit it over the http. However, since Firefox "remembers" this website can be reached over https even when I type in the address bar www.example.net it takes me to https://www.example.net. I have to manually remove the "s" or enter the full http://www.example.net address in order to see the website over http. While some may find this default behavior desirable, I find it annoying and should I wish to access the website over https I will enter the full address with https at the beginning. My question is, how do I disable the Firefox from defaulting to https connection? I'd not like to disable completely the auto fill feature if that's the only way to do it.

Firefox 20.0 on OS X 10.8.3.

Thank you, Goran

Hello, On my website I have a SSL certificate installed so you can reach it via https://www.example.net and http://www.example.net. To administer my website, I access it over https but when I just want to see the changes or simply visit the website, I don't want to see the the website over https. I want to visit it over the http. However, since Firefox "remembers" this website can be reached over https even when I type in the address bar www.example.net it takes me to https://www.example.net. I have to manually remove the "s" or enter the full http://www.example.net address in order to see the website over http. While some may find this default behavior desirable, I find it annoying and should I wish to access the website over https I will enter the full address with https at the beginning. My question is, how do I disable the Firefox from defaulting to https connection? I'd not like to disable completely the auto fill feature if that's the only way to do it. Firefox 20.0 on OS X 10.8.3. Thank you, Goran

Additional System Details

Installed Plug-ins

  • Shockwave Flash 11.7 r700
  • The QuickTime Plugin allows you to view a wide variety of multimedia content in web pages. For more information, visit the QuickTime Web site.

Application

  • User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:20.0) Gecko/20100101 Firefox/20.0

More Information

jscher2000
  • Top 10 Contributor
8758 solutions 71658 answers

This was first noticed with Firefox 14: the autofill in the address bar defaults to HTTPS if you have ever used HTTPS anywhere on the site. I don't think there is a way to change that aspect of its behavior, but you can disable the in-address-bar autofill without losing the suggestions that appear below the bar.

(1) In a new tab, type or paste about:config in the address bar and press Enter. Click the button promising to be careful.

(2) In the filter box, type or paste autofill and pause while the list is filtered

(3) Double-click browser.urlbar.autoFill to toggle it from true to false.

This was first noticed with Firefox 14: the autofill in the address bar defaults to HTTPS if you have ever used HTTPS anywhere on the site. I don't think there is a way to change that aspect of its behavior, but you can disable the in-address-bar autofill without losing the suggestions that appear below the bar. (1) In a new tab, type or paste '''about:config''' in the address bar and press Enter. Click the button promising to be careful. (2) In the filter box, type or paste '''autofill''' and pause while the list is filtered (3) Double-click '''browser.urlbar.autoFill''' to toggle it from true to false.
nikademus 0 solutions 3 answers

Unfortunately, this is far more pervasive than this. If I am trying to access http://example.com:8080, even if I type the http://, it still rewrites my url to https://example.com:8080 and I get:

                                  Secure Connection Failed
         An error occurred during a connection to example.com:8080.

SSL received a record that exceeded the maximum permissible length.

So the browser knows this is not something that is available as ssl, but still tries to access it. browser.urlbar.autoFill does not modify this behavior, neither safe mode, neither cleaning the cache. So, at the moment, there is absolutely no way to access that website besides using another browser, which is obviously not an option.

I am running 20.0 on linux x86_64

Unfortunately, this is far more pervasive than this. If I am trying to access http://example.com:8080, even if I type the http://, it still rewrites my url to https://example.com:8080 and I get: Secure Connection Failed An error occurred during a connection to example.com:8080. SSL received a record that exceeded the maximum permissible length. So the browser knows this is not something that is available as ssl, but still tries to access it. browser.urlbar.autoFill does not modify this behavior, neither safe mode, neither cleaning the cache. So, at the moment, there is absolutely no way to access that website besides using another browser, which is obviously not an option. I am running 20.0 on linux x86_64
cor-el
  • Top 10 Contributor
  • Moderator
17525 solutions 158458 answers

You can remove all data stored in Firefox from a specific domain via "Forget About This Site" in the right-click context menu of an history entry ("History > Show All History" or "View > Sidebar > History") or via the about:permissions page.

Using "Forget About This Site" will remove all data stored in Firefox from that domain like bookmarks, cookies, passwords, cache, history, and exceptions, so be cautious and if you have a password or other data from that domain that you do not want to lose then make a note of those passwords and bookmarks.

You can't recover from this 'forget' unless you have a backup of the affected files.

It doesn't have any lasting effect, so if you revisit such a 'forgotten' website then data from that website will be saved once again.

You can remove all data stored in Firefox from a specific domain via "Forget About This Site" in the right-click context menu of an history entry ("History > Show All History" or "View > Sidebar > History") or via the about:permissions page. Using "Forget About This Site" will remove all data stored in Firefox from that domain like bookmarks, cookies, passwords, cache, history, and exceptions, so be cautious and if you have a password or other data from that domain that you do not want to lose then make a note of those passwords and bookmarks. You can't recover from this 'forget' unless you have a backup of the affected files. It doesn't have any lasting effect, so if you revisit such a 'forgotten' website then data from that website will be saved once again.
nikademus 0 solutions 3 answers

Helpful Reply

Unfortunately, some subdomains of this website are https only and some are http only. And it seems that mozilla doesn't make any differences between subdomains (or ports). So if I visit https://example.com once, it will redirect me to https when I try to access http://test.example.com

Unfortunately, some subdomains of this website are https only and some are http only. And it seems that mozilla doesn't make any differences between subdomains (or ports). So if I visit https://example.com once, it will redirect me to https when I try to access http://test.example.com
cor-el
  • Top 10 Contributor
  • Moderator
17525 solutions 158458 answers

If autofill is disabled and you enter the URL with the protocol then Firefox shouldn't change the protocol.

If autofill is disabled and you enter the URL with the protocol then Firefox shouldn't change the protocol. *http://hacks.mozilla.org/2010/08/firefox-4-http-strict-transport-security-force-https/
nikademus 0 solutions 3 answers

So the problem lies in web servers with a configration like this:

Strict-Transport-Security: max-age=15768000 ; includeSubDomains

Firefox remembers the site and all subdomains if includeSubDomains is set.

So the problem lies in web servers with a configration like this: Strict-Transport-Security: max-age=15768000 ; '''''includeSubDomains''''' Firefox remembers the site and all subdomains if includeSubDomains is set.
spizzzz 0 solutions 1 answers

Helpful Reply

I also have this problem and I don't want to disable autofill. My best workaround so far is to use Chrome instead. I hope mozilla will eventually revert this auto https "feature" some day!

I also have this problem and I don't want to disable autofill. My best workaround so far is to use Chrome instead. I hope mozilla will eventually revert this auto https "feature" some day!