HTTPS-Only mode doesn't show "Continue to HTTP Site" [closed: IDK] #1320

Closed
unbranched opened this issue Jan 3, 2022 · 12 comments

@unbranched

unbranched commented Jan 3, 2022

  • browser version
    Firefox 95.0.2
  • Steps to Reproduce (STR)
    Try to visit any plain HTTP URL.
  • actual result
    Connection not successful message.
  • expected result
    Firefox should prompt to fallback to HTTP version of website.
  • anything else you deem worth mentioning
    Since some weeks I can't access any HTTP website that I use locally. Previously I used the HTTPS-only mode on Firefox for all windows, now I disabled it but I still can't access those urls.
    Firefox just says that the connection was not successful without any Advanced messages. It should instead prompt me to try the HTTP version of the website just clicking a button.

Temporary workaround:
-HTTPS-only mode is enabled for Anonymous windows.
-Open an Anonymous window.
-The website is not available in HTTPS so Firefox prompts me to proceed to the HTTP page.

@ghost

ghost commented Jan 3, 2022

/* 1246: disable HTTP background requests [FF82+]
 * When attempting to upgrade, if the server doesn't respond within 3 seconds,
 * Firefox sends HTTP requests in order to check if the server supports HTTPS or not
 * This is done to avoid waiting for a timeout which takes 90 seconds
 * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1642387,1660945 ***/
user_pref("dom.security.https_only_mode_send_http_background_request", false);

Try overriding this to true.

@Thorin-Oakenpants
Contributor

Thorin-Oakenpants commented Jan 4, 2022

> Temporary workaround:
> -HTTPS-only mode is enabled for Anonymous windows.
> -Open an Anonymous window.
> -The website is not available in HTTPS so Firefox prompts me to proceed to the HTTP page.

There is NO SUCH THING as an anonymous window. Do you mean private window?

So you are saying that HTTPS-Only is enabled for PB windows and it works in a PB window?

  • [SETTING] Privacy & Security > HTTPS-Only Mode > Enable HTTPS-Only Mode in private windows only
  • and when you try it in a private window it works?

This is no different to enabling HoM in all windows (private windows is just a subset of all windows). This workaround makes zero sense

If you turned off HoM altogether, then private windows use what is known as HTTPS-First which is different


Works For Me

  • note: both a vanilla release and in my main stable arkenfoxed firefox
  • note: for me it took about half a second in both for the HTTPS-Only Mode Alert page to show
  • enable HTTPS-Only Mode in all windows
    • [SETTING] Privacy & Security > HTTPS-Only Mode
    • ^ make sure the test site is not in Manage Exceptions
  • visit any HTTP site that does not upgrade - example: http://www.impawards.com/search.php
  • you should end up with a page like this
    • pic1
  • click Continue to HTTP Site
  • if you want: once on the site, change the site exception to permanent
    • yes, that is Nicolas Cage watching you, so don't fuck it up
    • pic2
  • you can see it in the HTTPS-Only Manage Exceptions
    • note this is in non-FPI format
    • pic3

You can also just add your sites directly to the manage exceptions if you need to

HTTPS-Only mode works for me. There are some edge cases, but they are rare - see #1047 (comment) and follow the meta bugzilla etc. Also try the pref Nallua said

Give me a list of sites that fail for you - don't be shy

  • if they work for me but not you then it's not an HTTPS-Only bug, it's something else
  • it may be that they're timing out for you but not others. Are you using DoH? Are you using a VPN or proxy? Are you going through a MitM like antivirus?

As a start, at least give us some common sites to test on

@Thorin-Oakenpants
Contributor

If it works in private windows but not normal windows - I will ask the obvious question - is it an extension causing this (by default extensions do not run in private windows)

@unbranched
Author

@Nallua Tried, it didn't work. It's still set to true now.

@Thorin-Oakenpants

> There is NO SUCH THING as an anonymous window. Do you mean private window?

Yes sorry, sad localization choice in my language.

> * [SETTING] Privacy & Security > HTTPS-Only Mode > Enable HTTPS-Only Mode in private windows only
> * and when you try it in a private window it works?

Correct

> This is no different to enabling HoM in all windows (private windows is just a subset of all windows). This workaround makes zero sense

I know but still works, maybe is it something cached? (see below)

> Works For Me
>
> [...]
> * visit any HTTP site that does not upgrade - example: http://www.impawards.com/search.php

This page worked instantly, prompting me to switch to HTTP.

> Give me a list of sites that fail for you - don't be shy

I can't because I understand now that maybe they are all the LAN sites I have. I don't have any antivirus or something else in the middle that demands HTTPS.

> * it may be that they're timing out for you but not others. Are you using DoH? Are you using a VPN or proxy? Are you going through a MitM like antivirus?

I'm using the Firefox DoH, disabled now for these tests.

> If it works in private windows but not normal windows - I will ask the obvious question - is it an extension causing this (by default extensions do not run in private windows)

Just uBlock Origin.

So to summarize, if they are just my LAN sites maybe the domain used locally got somewhat cached to HTTPS? Before opening this issue I tried adding the domain in https exceptions but doesn't work, could you tell me what's the correct FPI format to use?

@unbranched
Author

unbranched commented Jan 4, 2022

Of course the solution arrived just after I posted my answer... it was "Site Preferences" the only thing that I don't clear when Firefox closes. Clearing those restored the normal behaviour.

EDIT: btw, now that it works I can save the http exception from the interface, so it saves it with FPI syntax.

@Thorin-Oakenpants
Contributor

Thorin-Oakenpants commented Jan 4, 2022

OK, so not an extension, but localhost. You should configure your localhost to use HTTPS

here's mine (nothing to do with HTTPS-Only mode because it's https)

  • on nightly I get a session warning and have to click Advanced and then Accept the Risk and Continue
    • I don't get that in FF95
      pic

Not pic related

  • IDK if there are any settings that exclude localhost from HTTPS-Only mode

> what's the correct FPI format to use

Are you using FPI? What is the value of privacy.firstparty.isolate - we are moving that to false and you will no longer need to use FPI syntax

> now that it works I can save the http exception from the interface, so it saves it with FPI syntax

yes, doing it from the urlbar always uses the correct format - but we are changing from FPI to not FPI, see linked issue above

❓ Do you mean your LAN sites are now working with an exception? Or did you mean normal websites? I'm confused

I'm just interested if adding a localhost as an exception works. If it doesn't then I suggest you change your local web server to use HTTPS by default

> if they are just my LAN sites maybe the domain used locally got somewhat cached to HTTPS

I don't follow - you said your LAN sites are HTTP? Also private mode shouldn't cache anything after all private windows are closed.

@Thorin-Oakenpants Thorin-Oakenpants changed the title Can't access plain HTTP websites Can't access HTTP localhost Jan 4, 2022
@Thorin-Oakenpants
Contributor

reopening so I can solve this properly

Can you or can you not get localhost (or what you call LAN) insecure pages to load with HoM exceptions?

@unbranched
Author

Not localhost, they are servers in LAN that use the same TLD.
Yes I'm aware of the incoming v96 change so I'll edit my config in the next release.

> Do you mean your LAN sites are now working with an exception? Or did you mean normal websites? I'm confused

I mean that when I type the URL now Firefox asks me again if I want to visit the HTTP version because HTTPS page is unavailable. So I can just click that button and it works. I then added the permanent exception.

> Can you or can you not get localhost (or what you call LAN) insecure pages to load with HoM exceptions?

Sure, now everything works as normal. HoM is enabled for all windows, I want to connect to an HTTP page, Firefox tries HTTPS but is unavailable, prompts me to change to http, it works.

@Thorin-Oakenpants
Contributor

> Not localhost, they are servers in LAN that use the same TLD

I don't know what that means

> I mean that when I type the URL now Firefox asks me again if I want to visit the HTTP version because HTTPS page is unavailable. So I can just click that button and it works. I then added the permanent exception.

So nothing changed then? You said your "LAN pages" would not provide the error page to let you continue. Now they do. So what changed?

@unbranched
Author

unbranched commented Jan 4, 2022

> So nothing changed then? You said your "LAN pages" would not provide the error page to let you continue. Now they do. So what changed?

The only thing I did to fix was clearing the "Site Preferences" from Firefox. Looks like it saved to use those websites always with HTTPS and I had no possibility to change that. I don't know if it's a desired behaviour or a Firefox bug.
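
The comment above attributes the fix to clearing "Site Preferences". As an added example (not from this thread or the project), this Python lists the HTTPS-Only entries in a copy of a profile's permission store and flags whether each origin is in FPI format. It assumes the store is `permissions.sqlite` with a `moz_perms` table and that HTTPS-Only exceptions use the permission type `https-only-load-insecure`; the hosts and rows are constructed sample data.

```python
import sqlite3

# Assumption: Firefox keeps site permissions in permissions.sqlite, table
# moz_perms, and HTTPS-Only exceptions are stored under this permission type.
HTTPS_ONLY_TYPE = "https-only-load-insecure"

def split_origin(origin):
    """Split 'scheme://host^key=val&key2=val2' into (scheme, host, attrs)."""
    base, _, suffix = origin.partition("^")
    scheme, _, host = base.partition("://")
    attrs = dict(p.split("=", 1) for p in suffix.split("&") if "=" in p)
    return scheme, host, attrs

def https_only_entries(conn):
    """Return HTTPS-Only permission rows as dicts, oldest first."""
    rows = conn.execute(
        "SELECT origin, permission, expireType, modificationTime "
        "FROM moz_perms WHERE type = ? ORDER BY modificationTime",
        (HTTPS_ONLY_TYPE,),
    )
    out = []
    for origin, permission, expire_type, _mtime in rows:
        scheme, host, attrs = split_origin(origin)
        out.append({"host": host, "scheme": scheme, "permission": permission,
                    "expire_type": expire_type, "fpi": "firstPartyDomain" in attrs})
    return out

def build_sample_db():
    """Constructed sample data standing in for a copied permissions.sqlite."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE moz_perms (id INTEGER PRIMARY KEY, origin TEXT, type TEXT,"
        " permission INTEGER, expireType INTEGER, expireTime INTEGER,"
        " modificationTime INTEGER)"
    )
    conn.executemany(
        "INSERT INTO moz_perms (origin, type, permission, expireType,"
        " expireTime, modificationTime) VALUES (?, ?, ?, ?, 0, ?)",
        [
            ("http://nas.lan.example", HTTPS_ONLY_TYPE, 1, 0, 1000),
            ("http://wiki.lan.example^firstPartyDomain=lan.example", HTTPS_ONLY_TYPE, 1, 0, 2000),
            ("https://site.example", "cookie", 1, 0, 3000),
        ],
    )
    return conn

if __name__ == "__main__":
    for entry in https_only_entries(build_sample_db()):
        print(entry)
```

To inspect a real profile, pass `sqlite3.connect(path)` for a copy of the file taken while Firefox is closed.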

@Thorin-Oakenpants
Contributor

Ahh OK. So HoM exceptions work with "LAN" - that's what I needed to know

@Thorin-Oakenpants Thorin-Oakenpants changed the title Can't access HTTP localhost HTTPS-Only mode doesn't show "Continue to HTTP Site" [solved: IDK] Jan 4, 2022
@Thorin-Oakenpants
Contributor

Still doesn't make that much sense - your LAN sites were never HTTPS so I don't see how any site exceptions were HTTPS. Anyway, so glad this is closed :) and that it's working now for you

@Thorin-Oakenpants Thorin-Oakenpants changed the title HTTPS-Only mode doesn't show "Continue to HTTP Site" [solved: IDK] HTTPS-Only mode doesn't show "Continue to HTTP Site" [closed: IDK] Oct 11, 2022