I hope you can help me. I searched the whole internet, found loads of different tips and steps of how to do it and nothing works for me.
I build a simple application which has Webbrowser1 embedded. Soon I found that many websites does not display correctly so I found that a regsitry key can be tweeked to make the application to use IE11.
Now I have the issue with HTTPS:// self signed certifcation.
Basically in my Apllication the website displays:
In IE11 browser I get the
Basically if the "go on to the webpage (not recommended)" was in my app I would not have a problem. But instead I have the "Error Code:0".
I tried bypassing this in IE11 internet options > advanced > security
I tried adding the website I am interested to open inside Trusted Sites
I tried to follow steps on the interent for IE11 to simply bypass this security feature
I tried looking for the way to bypass this on VB using
ServicePointManager.ServerCertificateValidationCallback =
New RemoteCertificateValidationCallback(Function() True)
The above line maybe works, but I don't know how to utilize it.
To summarize;
I have webbrowser1, textbox1, button1. When I click on button1 it does webbrowser1.navigate(textbox1.text). It works on every website like a harm except the https with expired certs etc.
What do I need to do to have the possibility to display those https websites?
Related
I'm using Firefox, and while setting up a server, I have been fiddling around with redirects. Now, Firefox has cached a 301 redirect from http://example.com/ to https://example.com/ and from http://sub.example.com/ to https://sub.example.com/.
I've tried the following things:
History -> Show all history -> Forget about this site.
Checked that no bookmark with https://example.com/ is present.
Changing browser.urlbar.autoFill to false in about:config.
Changing browser.cache.check_doc_frequency from 3 to 1.
Options -> Advanced -> Network -> Chached Web Content -> Clear now.
None of the above works, so I checked the redirect with wheregoes.com and it doesn't show any redirect from http to https.
I've even changed the DNS to point to another IP served by a server, where I've never set up redirection - the redirection is still in effect.
I've also tried in Private Browsing in Firefox, and there is no redirect there. I've tried in Google Chrome, and there is also no redirect here.
I've also tried to make a redirect from https to http which worked in Google Chrome, and yielded a redirection error in Firefox.
My version of Firefox is 38.0.1, and I'm using Windows 8.1. I use the following addons: AddBlock, Avast! and LastPass. Avast! may not be the issue, as I've disabled it while testing.
What I can do about it?
"Sites preferences" are the culprit. Wasted 45min of my life finding how to fix it despite all the kb/support.mozilla tricks which does not solve your issue nor did mine. I don't know what triggers this issue, but several of my websites started to go pear-shaped in a few weeks only affecting me and only firefox.
That's the solution you are all looking for:
Go to Preferences
Privacy
Click 'Clear your history' (nothing will happen yet, click safely)
Once the pop-up appears, click Details.
Untick everything except 'Sites Preferences'
Select 'Everything' in the select box at the top
Click Ok
Try now
PS: What I did try that did not worked for me are:
urlbar.autofill false
Forget Website trick
Safe mode
We all know it is not an HSTS issue when a website you own and you accessed before never got https support but now FF wants you to use https... It is just a firefox bug IMO.
The solution that worked for me:
Go to about:config
Look for network.stricttransportsecurity.preloadlist and set it to false
Enjoy
If the above STILL DOES NOT WORK, try setting browser.fixup.fallback-to-https to false from about:config
Using Firefox 100 or above you may also need:
dom.security.https_first to false
dom.security.https_first_pbm to false (this one is for anonymous windows)
I had the same problem but the answer was that I used a .dev extension to access my local websites !
I cleared all historic data in FF and nothing changed.
Searching for another solution, I found this page https://ma.ttias.be/chrome-force-dev-domains-https-via-preloaded-hsts/
With .dev being an official gTLD, we're most likely better of changing our preferred local development suffix from .dev to something else. If you're looking for a quick "search and replace" alternative for existing setups, consider the .test gTLD, which is a reserved name by IETF for testing (or development) purposes.
I changed my local website extensions from .dev to .test and all work perfectly !
Alternative solution, easy.
Open Firefox and in the address bar type this URL
http://example.com/?fake_parameter_to_bypass_cache
This should force the browser to reload the web page from http://
None of the answers worked for me, the only the one was the one in the comment of Muhammad so thanks in advance to him, I copy the answer here to make it easier:
Go to about:config
Look for browser.fixup.fallback-to-https and set it to false
Check your extensions!
In my case, DuckDuckGo Privacy Essentials extension was causing this redirect. I disabled it, and the problem is solved.
Now (Firefox 84) it is much simpler to clear the site's data. Just click the padlock icon on the left of the address bar. Then choose "Clear cookies and site data".
I had the same situation as what OP did. It helped me to clear the HTTPS redirect.
Here's what worked for me on Firefox v98.0.2:
Settings -> General
Network Settings -> Settings
Uncheck "Enable DNS over HTTPS
I tried the 'correct' answer, plus the comment about including cache in the deletion, and I was still having issues with my problem site.
I opened the firefox profile directory and searched for the website name in all files.
I found it in 'logins-backup.json' and deleted that file to finally fix the problem.
In my case, I decided to use a *.dev domain for local development. But then I tried to open the site in Firefox, and after a while I realized it uses HTTPS, even when I start the url with "http://..." I tried to right-click on the link in the History, and choose Forget About This Site, or clear the cache. But it didn't help.
Later I found out that the dev domain is in HSTS preload list these days. Which means Firefox and Chrome (and probably others) don't let you access the subdomains w/o HTTPS. More on it here and here.
In my case, it was an addon that did it: disabling DuckDuckGo privacy essentials fixed it.
I had this issue when running Firefox with OWASP ZAP proxy.
I didn't knew it was the proxy causing this.
In hindsight it's easy to test this: run Firefox without OWASP ZAP proxy to see if it works.
To get it working with OWASP ZAP, turn off Heads Up Display (HUD) or enable the HUD only for URL's that are in scope.
My problem was caused by the HTTPS by default extension. There is a bug that opens HTTP bookmarks with HTTPS. To work around, open "HTTPS by default" Preferences pane and enter domain name exclusion.
None of these suggestions worked for me in Firefox v101. What worked for me is changing the value of security.tls.version.min from 3 to 1 in about:config.
[NOTE: After I changed this setting, Firefox initially redirected from http to https. But this time Firefox allowed me to "accept the risk and continue," which wasn't possible when security.tls.version.min was set to 3. --end note]
See also: https://support.mozilla.org/en-US/questions/1116550
Lets get back to the old firefox that was amazing, the 3.6.
Nowadays is full of crap for us developers, and sysadmins.
I have tons of sites in intranet that cannot have a valid ssl, this is a major deal. I cannot download "deb" files because its a threat, i cannot this and cannot that... why? I am a power user i know what to do whit, why should I (we) be treated like the rest of the users?
The cache, i cannot disable the cache to 100% why?
In a blip of a second i will be using links as my browser.
Firefox should have a expert mode, where none of this crap happens.
I am mad with firefox and chrome. That is why i still use firefox 3.6 in a lot of cases, to bypass stupid restrictions.
Now, I had this issue on my workstation's development site. I had an old site that I still wanted to reference, and I couldn't get http to work for anything. There was not https binding, either.
Finally, I realized I had a url-rewrite in my webconfig that redirected all http to https...
hahahaha
Disabling https, is not an absolute in Firefox. Some sites will redirect and may not offer http.
However to choose one url over the other if it is an option you can disable autofil:
Address Bar Search In order to change your Firefox Configuration please do the following steps :
In the Location bar, type about:config and press Enter. The about:config "This might void your warranty!" warning page may appear.
Click I'll be careful, I promise! to continue to the about:config page.
In the filter box, type or paste autofill and pause while the list is filtered
Double-click browser.urlbar.autoFill to toggle it from true to false.
I have recently added a SSL Certificate to my website but it’s causing issues with some functionality no longer working when the site is accessed with https. The tabs, accordion and menu doesn’t work on the https version on the below links for example.
http://waflfootyfacts.net/player/stats.php?PlayerID=4764
https://waflfootyfacts.net/player/stats.php?PlayerID=4764
Any idea where I can start looking at the fix? Is this a common thing that can happen with SSL?
I am not a web developer and had an old work mate help me with the site and I’ve been self-taught since and this has stumped me.
I am using metro-bootstrap css and am using relative paths throughout the site except on the header where I am using absolute paths
I eventually found the issue - I had a JS loader that was loading http script
I currently test NTLM authentication with Apache 2.4 on a windows machine, locally. All work fine. If i open a demo site http://localhost/authfoo/text.php, the site will load without an authentication dialog in every browser. The test.php script get all required authentication data automatically from the current windows user.
So far so good. Tested with Internet Explorer 11, Chrome, Firefox and it works. Only Microsoft Edge open up an authentication dialog and i must enter credentials. All what i see in this dialog window is that the title show my computername instead of localhost. This indicated that Edge use the computername as internal domain, and that is for sure no intranet domain, like localhost is.
There is something for edge that is a so called LoopbackExempt. With that you can allow localhost to be threaded as an intranet site. This setting also not helped me. https://developer.microsoft.com/en-us/microsoft-edge/platform/faq/#how-can-i-debug-localhost
However, when i manually add http://15031489-nb.cstp.intern/ to intranet sites via settings in Edge, than it work when i use http://15031489-nb.cstp.intern/authfoo/text.php without an authentication dialog. But http://localhost/authfoo/text.php still show that authentication dialog.
Btw, http://localhost is also added to intranet sites, just to make sure everything will be treated as an actual Intranet Site.
So, i have no idea of how i can get this thing to work in Edge also, like every other browser already does, even IE 11 work without flaws.
I've been searching this problem for a while and found this answer from the microsoft developer community:
Microsoft Edge doesn't allow integrated Windows Auth over loopback as
a security mitigation to prevent breaking the browser sandbox. The
only workaround offered by the team is to use the FQDN while
debugging.
(Source)
So you will have to use the FQDN instead of http://localhost/, which is http://15031489-nb.cstp.intern/ in your case. I don't believe that Microsoft will ever fix this issue in Edge, as it is intended behaviour.
I would like to test https related application on my local machine before pushing it to staging and production.
If I try to test on local system, the page just showing (in chrome it gets to the "This webpage has a redirect loop" page).
If any information could be provided that would assist me in setting this up / getting it working and testing, I would be extremely grateful . Thanks
This problem can have two angles whether this could be related to your specific browser or with your ColdFusion application:
First and foremost can you check it on Firefox or IE just to isolate if this is specific to Chrome. (As I have seen this to come on Chrome more than often)
if it works on Other Browsers:
probably Chrome is at fault. Go to settings (Options -> Under the Hood -> Content Settings -> Cookies -> Show cookies and other site data)
Enter your problem URL in search bar and it would list all related cookies.
Select "Remove all"
if it FAILS on other browsers as well:
Can you check with perhaps another test application?
Please check with following article by Ben Nadal --
http://www.bennadel.com/blog/1666-Ask-Ben-Enforcing-An-SSL-HTTPS-Connection-Based-On-Request.htm
If this persists, please add some more information, on how this has been set up.
Cheers,
Anjaneai
If I understand your questions you should be able to use a self signed certificate on your local dev box. Once you set this up you should be able to test your site in SSL mode.
Here is one quick tutorial.
http://weblogs.asp.net/scottgu/archive/2007/04/06/tip-trick-enabling-ssl-on-iis7-using-self-signed-certificates.aspx
I have an ASP.NET site which should transport completely over HTTPS. However, in Google Chrome I get a warning that the page includes resources which are not secure. How can I find out which those resources are and why they wouldn't be going over HTTPS?
I've just had this problem in Chrome also. I checked in the Network tab but all resources were loaded over https.
Solution: close Chrome and re-open.
Chrome must cache its secure-content detection so that even when you fix the problems the insecure content message won't disappear.
Usually this occurs because you are loading Images, javascript include files or external CSS files without using https. You can use a program such as FireBug: http://getfirebug.com/
FireBug will tell you how your elements are loading and which aren't going through the ssl layer. If you don't have firefox, then I am pretty sure Chrome also has something similar to FireBug built in.
Here's how to use firebug:
Open firebug
Click on the Console Tab
Reload the page
Any https errors will show in the console and tell you which resource is not working.
Hope this helps
I have nothing to do with the people providing this online script, but it's easy and can be bookmarked in any browser.. works well and quickly to solve the problem.. http://www.whynopadlock.com
In Google Chrome: You can view the offending resource in the Console tab of the Inspect Element window.
It will be listed as:
The page at https://example.com/page displayed insecure content from http://example.com/resource
Of course you might have to reload the page with the Inspect Element window already open.
One of the easiest ways to do it is to right-click the page in Firefox and select View Page Info. Then go to the Media tab and find anything that is loading from http instead of https.
We've scratched our own itch and wrote a tool that crawls your web-site and tells you what pages have non-SSL resources on them. You just need to enter the root URL of your web site – no need to check every page manually.
http://www.jitbit.com/sslcheck/
I noticed that when I had this problem that a toolbar(uTorrent) was causing the error. I removed the toolbar and the error went away. Not sure why a toolbar would cause an error on my site, but no more problems here with the SSL certificate.
To add to this I right-clicked on the column headings in the Network tab view and selected Protocol.
If you then click on the Protocol heading, the contents of the report will be grouped by HTTPS, etc
In Chrome, you can find out which resources were loaded via http versus https by doing the following:
1) In Wrench menu, choose Tools > Developer tools
2) Click on "Resources" toolbar icon
3) Expand the Frames folder to see the different pages. Expand the page whose resources you want to see. The individual Resources for the page are then listed, broken down by Images, Scripts, and Stylesheets
4) To see the URL that was used to load that resource, just hover the mouse over the resource name and the URL will appear, either with http or https. You can also click on an image name to see the image on the right side, along with its URL
Chrome has their own developer tool.
you can right click a page, inspect it.. and then click the "network" tab and reload the page. you'll see the workflow.
I dont know if any one will be checking this answer
Or you might have found the solution already, but anyway, my answer might help other people suffering from similar issue
http://www.whynopadlock.com/
This is the link that I used to check the insecure content /file which was being loaded to my page.
Hope it helps. :)
I just discovered same behaviour in chrome (firefox showed a green lock), even though all resources were loaded via https.
The reason in my case was that the server supported broken (google poodle) SSLv3.
Setting ssl_protocols to exclude SSLv2 in nginx.conf like so
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
fixed the problem for me.
I consider it unfortunate that chrome doesn't make this reason more transparent. "this page loads some resources insecurely" is very misleading if not wrong.
If you want to crawl your own site from your own desktop for a list of all reasources loaded (not loaded by javascript though, which is worth bearing in mind), if using windows you can use Xenu's link sleuth. Export the TSV file and then right click and open with excel, then sort by URL, you can then find those pesky http resources for all pages on the site!