Unwanted http redirecting to https
I will give one example of many. In the past, I must have accidentally typed https://mail.wizathon.com. The correct URL is http://mail.wizathon.com. Now when I try to get to the http version, Firefox automatically switches it to https, which fails. To fix this, I have always gone to Options -> Privacy -> Clear Site Settings and poof, the http version would work. I have tried this, I have tried "forgetting the site", I have looked in my profile and the site isn't listed there, I have tried Refreshing my Firefox, I have gone into my about: config and updated the htsc to false. I am out of options. Something happened in the last 2 weeks to cause this unwanted behavior.
Réiteach roghnaithe
It's not you, it's Firefox: wizathon.com is on the built-in HSTS preload list. You can see it in the search results here:
https://dxr.mozilla.org/mozilla-release/search?q=wizathon&redirect=false
(the .inc file is huge, so I did not link directly to that)
More info about this list: https://developer.mozilla.org/docs/Web/HTTP/Headers/Strict-Transport-Security#Preloading_Strict_Transport_Security
There is a preference to globally disable use of the list if necessary, but this turns off HTTPS redirection for all domains whose owners have requested inclusion in the list so it is not recommended.
(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button accepting the risk.
(2) In the search box above the list, type or paste stricttran and pause while the list is filtered
(3) Double-click the network.stricttransportsecurity.preloadlist preference to switch the value from true to false (not recommended)
Read this answer in context 👍 0All Replies (3)
Réiteach Roghnaithe
It's not you, it's Firefox: wizathon.com is on the built-in HSTS preload list. You can see it in the search results here:
https://dxr.mozilla.org/mozilla-release/search?q=wizathon&redirect=false
(the .inc file is huge, so I did not link directly to that)
More info about this list: https://developer.mozilla.org/docs/Web/HTTP/Headers/Strict-Transport-Security#Preloading_Strict_Transport_Security
There is a preference to globally disable use of the list if necessary, but this turns off HTTPS redirection for all domains whose owners have requested inclusion in the list so it is not recommended.
(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button accepting the risk.
(2) In the search box above the list, type or paste stricttran and pause while the list is filtered
(3) Double-click the network.stricttransportsecurity.preloadlist preference to switch the value from true to false (not recommended)
I think the problem in this case is that the preload list has the base domain. There is a valid certificate for www.wizathon.com but not for the mail subdomain.
I don't know whether that is a temporary problem (oversight in renewing the SSL cert) or a very bad configuration -- who provides webmail access on an insecure connection?!
Could you raise this question with the site?
This finally answered my question and resolved my problem. Thank you!