Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Firefox defaults to https version of a website, how to disable this?

  • 7 replies
  • 55 have this problem
  • 16487 views
  • Last reply by spizzzz

more options

Hello,

On my website I have a SSL certificate installed so you can reach it via https://www.example.net and http://www.example.net. To administer my website, I access it over https but when I just want to see the changes or simply visit the website, I don't want to see the the website over https. I want to visit it over the http. However, since Firefox "remembers" this website can be reached over https even when I type in the address bar www.example.net it takes me to https://www.example.net. I have to manually remove the "s" or enter the full http://www.example.net address in order to see the website over http. While some may find this default behavior desirable, I find it annoying and should I wish to access the website over https I will enter the full address with https at the beginning. My question is, how do I disable the Firefox from defaulting to https connection? I'd not like to disable completely the auto fill feature if that's the only way to do it.

Firefox 20.0 on OS X 10.8.3.

Thank you, Goran

All Replies (7)

more options

This was first noticed with Firefox 14: the autofill in the address bar defaults to HTTPS if you have ever used HTTPS anywhere on the site. I don't think there is a way to change that aspect of its behavior, but you can disable the in-address-bar autofill without losing the suggestions that appear below the bar.

(1) In a new tab, type or paste about:config in the address bar and press Enter. Click the button promising to be careful.

(2) In the filter box, type or paste autofill and pause while the list is filtered

(3) Double-click browser.urlbar.autoFill to toggle it from true to false.

more options

Unfortunately, this is far more pervasive than this. If I am trying to access http://example.com:8080, even if I type the http://, it still rewrites my url to https://example.com:8080 and I get:

                                  Secure Connection Failed
         An error occurred during a connection to example.com:8080.

SSL received a record that exceeded the maximum permissible length.

So the browser knows this is not something that is available as ssl, but still tries to access it. browser.urlbar.autoFill does not modify this behavior, neither safe mode, neither cleaning the cache. So, at the moment, there is absolutely no way to access that website besides using another browser, which is obviously not an option.

I am running 20.0 on linux x86_64

more options

You can remove all data stored in Firefox from a specific domain via "Forget About This Site" in the right-click context menu of an history entry ("History > Show All History" or "View > Sidebar > History") or via the about:permissions page.

Using "Forget About This Site" will remove all data stored in Firefox from that domain like bookmarks, cookies, passwords, cache, history, and exceptions, so be cautious and if you have a password or other data from that domain that you do not want to lose then make a note of those passwords and bookmarks.

You can't recover from this 'forget' unless you have a backup of the affected files.

It doesn't have any lasting effect, so if you revisit such a 'forgotten' website then data from that website will be saved once again.

more options

Unfortunately, some subdomains of this website are https only and some are http only. And it seems that mozilla doesn't make any differences between subdomains (or ports). So if I visit https://example.com once, it will redirect me to https when I try to access http://test.example.com

more options

If autofill is disabled and you enter the URL with the protocol then Firefox shouldn't change the protocol.

more options

So the problem lies in web servers with a configration like this:

Strict-Transport-Security: max-age=15768000 ; includeSubDomains

Firefox remembers the site and all subdomains if includeSubDomains is set.

more options

I also have this problem and I don't want to disable autofill. My best workaround so far is to use Chrome instead. I hope mozilla will eventually revert this auto https "feature" some day!