Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Lolu chungechunge lwabekwa kunqolobane. Uyacelwa ubuze umbuzo omusha uma udinga usizo.

Firefox renders raw HTTP response as text for self-signed secure connection

  • 3 uphendule
  • 1 inale nkinga
  • 10 views
  • Igcine ukuphendulwa ngu SonoSooS

more options

I'm trying to connect to a miniature secure web server which has a self-signed certificate, but for some reason in https mode Firefox displays the entire raw HTTP result as the website content.

If I turn off the secure layer (so it's sending the HTTP response in cleartext) then it works and the webpage gets rendered as expected.

It seems like only Firefox is affected. I have tested two other browsers and there the HTTP protocol gets parsed, and the page displays as intended.

I'm trying to connect to a miniature secure web server which has a self-signed certificate, but for some reason in https mode Firefox displays the entire raw HTTP result as the website content. If I turn off the secure layer (so it's sending the HTTP response in cleartext) then it works and the webpage gets rendered as expected. It seems like only Firefox is affected. I have tested two other browsers and there the HTTP protocol gets parsed, and the page displays as intended.
Ama-screenshot ananyekiwe

Okulungisiwe ngu SonoSooS

All Replies (3)

more options

Are other able to see the link to see what your talking about?

more options

This sounds more like an issue with how this website is send to Firefox, text/plain that would show the HMTL code instead of text/html that would make Firefox render the page. It is also possible that your security software doesn't trust the server and modifies the HTTP response headers to present Firefox content type text/plain.

You can check the content type via "Tools -> Page Info -> General" and via the Network Monitor.

more options

WestEnd said

Are other able to see the link to see what your talking about?

I attached two screenshots to the first post, I hope it's visible *now* because it wasn't visible yesterday. I'll re-attach it to this post just in case it's still not yet visible.

As for the link, it's https://localhost/ or http://localhost:443 (after switching the server to use cleartext HTTP on port 443).

Edit: I misread your question twice; yes, other browsers display the content as expected.

cor-el said

This sounds more like an issue with how this website is send to Firefox, text/plain that would show the HMTL code instead of text/html that would make Firefox render the page. It is also possible that your security software doesn't trust the server and modifies the HTTP response headers to present Firefox content type text/plain. You can check the content type via "Tools -> Page Info -> General" and via the Network Monitor.

I attached two screenshots on the first post a few hours ago, but it was not visible when I attached them, so I'll attach the screenshots of the network monitor to this post again.

If the server is running in plaintext HTTP mode it works as expected. If I switch it to HTTPS then (after adding a certificate exception for localhost) it just displays the underlying HTTP response as plaintext, and network monitor shows the response as a gray circle with no response code instead of the expected green circle and 200 next to it as the status code. Opening the General tab shows that there are no response headers (which makes sense because the whole HTTP response is echoed as monospace text).

Changing the content type from text/plain to text/html works if the server is running in plaintext mode, but it just displays the raw HTTP response still when it's running in https mode and accessing the server via https.

I don't have any security software installed which would interfere with the results. I also tried starting Firefox with the extensions disabled (I think it's called "safe mode" in the English translation), but same effect.

Oh also, all the server does is wrap the raw socket in a secure socket layer and just do its usual HTTP server thingies using the wrapped socket. This works in other browsers after clicking the -sometimes very obscure- continue button (except IE because that straight up refuses to load the page AT ALL without being able continue to the site), and they renders the page as expected.

Okulungisiwe ngu SonoSooS