Bug 31589 - Firefox 102.8.0.esr locked into https, won't allow http connections
Summary: Firefox 102.8.0.esr locked into https, won't allow http connections
Status: RESOLVED WORKSFORME
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages (show other bugs)
Version: Cauldron
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Mageia Bug Squad
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2023-02-23 19:45 CET by William Kenney
Modified: 2023-11-14 13:21 CET (History)
1 user (show)

See Also:
Source RPM: firefox-102.8.0-1.mga9.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description William Kenney 2023-02-23 19:45:31 CET 
Description of problem:

New netinstall, up to date repo
Firefox 102.8.0esr

Will no longer allow http connections

calling: http://~wilcal/
is forced to https://~wilcal/ then fails to connect.
Comment 1 William Kenney 2023-02-23 19:59:01 CET 
Looks like the last live media does the same thing
Comment 2 sturmvogel 2023-02-23 20:02:25 CET 
Did you already check the basic settings? If your private/local site doesn't support secure connections, you need to make an exemption for your site:
https://support.mozilla.org/en-US/kb/https-only-prefs#firefox:linux:fx102
Comment 3 William Kenney 2023-02-23 20:09:27 CET 
(In reply to sturmvogel from comment #2)
> Did you already check the basic settings? If your private/local site doesn't
> support secure connections, you need to make an exemption for your site:
> https://support.mozilla.org/en-US/kb/https-only-prefs#firefox:linux:fx102

I'm still working this
The http Firefox connection has worked for years ( decades actually )

It has suddenly changed
Never ever needed an exemption
Comment 4 William Kenney 2023-02-23 20:11:33 CET 
Mageia-9-beta1-Live-Pl13asma-x86_64.iso md5sum: 46292ba508fe244a729f36a2f8ae38e8
2/13/23

Is fine.
Something changed
Comment 5 sturmvogel 2023-02-23 20:23:36 CET 
(In reply to William Kenney from comment #3)
> The http Firefox connection has worked for years ( decades actually )
Luckily we are in the 21st century now and https is the standard. There are discussions ongoing to make browser automatically redirect from unsecure http to https by default. So earlier or later you need to make an exemption for your unsecure site...
Comment 6 Lewis Smith 2023-02-23 20:27:18 CET 
There is a Firefox Preferences setting that looks relevant:

Privacy & Security, right at the end:
 HTTPS-only mode:
  - Enable HTTPS-only mode in all windows
  - Enable HTTPS-only mode in private windows
  - Do not enable HTTPS-only mode
I set the last, but will keep an eye out for HTTP/HTTPS URL conversion.

(In reply to William Kenney from comment #4)
> Mageia-9-beta1-Live-Pl13asma-x86_64.iso 2/13/23
> Is fine.
> Something changed
If the problem recurs, can you sound out other ISO testers?
If the good behaviour sticks, can you close?

CC: (none) => lewyssmith
Source RPM: (none) => firefox-102.8.0-1.mga9.src.rpm

Comment 7 William Kenney 2023-02-23 20:35:18 CET 
(In reply to Lewis Smith from comment #6)

Many thanks for your quick help
QA meeting starts in 30 min and this is already on the agenda

> If the problem recurs, can you sound out other ISO testers?
> If the good behaviour sticks, can you close?

http may be old but there's still sites out there not using https

If there's a preference that needs to be changed that's fine for me but how about other people?
Comment 8 Lewis Smith 2023-11-14 13:21:28 CET 
(In reply to Lewis Smith from comment #6)
> There is a Firefox Preferences setting that looks relevant:
> Privacy & Security, right at the end:
>  HTTPS-only mode:
>   - Enable HTTPS-only mode in all windows
>   - Enable HTTPS-only mode in private windows
>   - Do not enable HTTPS-only mode
Seems to cover the problem.

Resolution: (none) => WORKSFORME
Status: NEW => RESOLVED
Note You need to log in before you can comment on or make changes to this bug.