Cerca nel supporto

Attenzione alle mail truffa. Mozilla non chiederà mai di chiamare o mandare messaggi a un numero di telefono o di inviare dati personali. Segnalare qualsiasi attività sospetta utilizzando l'opzione “Segnala abuso”.

Learn More

Questa discussione è archiviata. Inserire una nuova richiesta se occorre aiuto.

HTTP Strict Transport Security prevents me from accessing a server that I'm doing development on

  • 3 risposte
  • 21 hanno questo problema
  • 2940 visualizzazioni
  • Ultima risposta di nmjbhoffmann

more options

I cannot access a clients site that I'm working on due to an HSTS error, I used to be able to bypass this with test.currentTimeOffsetSeconds, however it seems to not work anymore.

I use Firefox for development because it has better tools than any browser I've use in the past, however this is a real blocker for me, since the sites I'm working on don't have DNS names yet and can't get updated certificates till then.

I've also manually added an exception in the certificate options, though that also didn't work.

Please guys, I've always been pushing people to use Firefox, though if it starts limiting my options without any way to bypass it if I feel I need to do something, then I'll be forced to go hunting for a browser that gives me more freedom, not to mention this is costing me work hours.

I cannot access a clients site that I'm working on due to an HSTS error, I used to be able to bypass this with test.currentTimeOffsetSeconds, however it seems to not work anymore. I use Firefox for development because it has better tools than any browser I've use in the past, however this is a real blocker for me, since the sites I'm working on don't have DNS names yet and can't get updated certificates till then. I've also manually added an exception in the certificate options, though that also didn't work. Please guys, I've always been pushing people to use Firefox, though if it starts limiting my options without any way to bypass it if I feel I need to do something, then I'll be forced to go hunting for a browser that gives me more freedom, not to mention this is costing me work hours.

Soluzione scelta

An exception should work. In order to be able to try re-adding the exception using the Advanced button / Add Exception button approach, you need to first remove the stored HSTS flag.

Open your current Firefox settings (AKA Firefox profile) folder using either

  • "3-bar" menu button > "?" button > Troubleshooting Information
  • (menu bar) Help > Troubleshooting Information
  • type or paste about:support in the address bar and press Enter

In the first table on the page, click the "Open Directory" (or similar) button. This should launch a new window listing various files and folders in your file browser.

Leaving that window open, switch back to Firefox and Exit/Quit, either:

  • "3-bar" menu button > "power" button
  • (menu bar) File > Exit / Quit

Pause while Firefox finishes its cleanup, then open SiteSecurityServiceState.txt in your preferred text editor and delete all lines for the hostname you need to access and save the file.

When you start Firefox again, on your first visit, Firefox normally ignores the HSTS status because it hasn't gotten past the handshake.

Leggere questa risposta nel contesto 👍 5

Tutte le risposte (3)

more options

Soluzione scelta

An exception should work. In order to be able to try re-adding the exception using the Advanced button / Add Exception button approach, you need to first remove the stored HSTS flag.

Open your current Firefox settings (AKA Firefox profile) folder using either

  • "3-bar" menu button > "?" button > Troubleshooting Information
  • (menu bar) Help > Troubleshooting Information
  • type or paste about:support in the address bar and press Enter

In the first table on the page, click the "Open Directory" (or similar) button. This should launch a new window listing various files and folders in your file browser.

Leaving that window open, switch back to Firefox and Exit/Quit, either:

  • "3-bar" menu button > "power" button
  • (menu bar) File > Exit / Quit

Pause while Firefox finishes its cleanup, then open SiteSecurityServiceState.txt in your preferred text editor and delete all lines for the hostname you need to access and save the file.

When you start Firefox again, on your first visit, Firefox normally ignores the HSTS status because it hasn't gotten past the handshake.

more options

Or maybe you're saying it's a clock problem, not a certificate problem. Could you copy/paste the actual error message?

more options

Thanks man, you're a life saver.

Deleting the entry in SiteSecurityServiceState.txt worked like a charm.