Testing SSL HTTPS application locally with ColdFusion

I would like to test an HTTPS-related application on my local machine before pushing it to staging and production.
If I try to test on my local system, the page just fails to load (in Chrome it gets to the "This webpage has a redirect loop" page).
If any information could be provided that would assist me in setting this up / getting it working and testing, I would be extremely grateful. Thanks

This problem can have two angles: whether it is related to your specific browser or to your ColdFusion application.
First and foremost, can you check it on Firefox or IE, just to isolate whether this is specific to Chrome? (As I have seen this come up on Chrome more than often.)
If it works on other browsers:
Chrome is probably at fault. Go to settings (Options -> Under the Hood -> Content Settings -> Cookies -> Show cookies and other site data)
Enter your problem URL in the search bar and it will list all related cookies.
Select "Remove all"
If it FAILS on other browsers as well:
Can you check with perhaps another test application?
Please check the following article by Ben Nadel --
http://www.bennadel.com/blog/1666-Ask-Ben-Enforcing-An-SSL-HTTPS-Connection-Based-On-Request.htm
If this persists, please add some more information, on how this has been set up.
Cheers,
Anjaneai

If I understand your questions you should be able to use a self signed certificate on your local dev box. Once you set this up you should be able to test your site in SSL mode.
Here is one quick tutorial.
http://weblogs.asp.net/scottgu/archive/2007/04/06/tip-trick-enabling-ssl-on-iis7-using-self-signed-certificates.aspx

Related

Selenium - Firefox webdriver adds HTTPS in request's redirection uri instead of HTTP [duplicate]

I'm using Firefox, and while setting up a server, I have been fiddling around with redirects. Now, Firefox has cached a 301 redirect from http://example.com/ to https://example.com/ and from http://sub.example.com/ to https://sub.example.com/.
I've tried the following things:
History -> Show all history -> Forget about this site.
Checked that no bookmark with https://example.com/ is present.
Changing browser.urlbar.autoFill to false in about:config.
Changing browser.cache.check_doc_frequency from 3 to 1.
Options -> Advanced -> Network -> Cached Web Content -> Clear now.
None of the above works, so I checked the redirect with wheregoes.com and it doesn't show any redirect from http to https.
I've even changed the DNS to point to another IP served by a server, where I've never set up redirection - the redirection is still in effect.
I've also tried in Private Browsing in Firefox, and there is no redirect there. I've tried in Google Chrome, and there is also no redirect here.
I've also tried to make a redirect from https to http which worked in Google Chrome, and yielded a redirection error in Firefox.
My version of Firefox is 38.0.1, and I'm using Windows 8.1. I use the following addons: AddBlock, Avast! and LastPass. Avast! may not be the issue, as I've disabled it while testing.
What can I do about it?
"Sites preferences" are the culprit. Wasted 45 min of my life finding how to fix it, despite all the kb/support.mozilla tricks, which do not solve your issue nor did they solve mine. I don't know what triggers this issue, but several of my websites started to go pear-shaped in a few weeks, only affecting me and only Firefox.
That's the solution you are all looking for:
Go to Preferences
Privacy
Click 'Clear your history' (nothing will happen yet, click safely)
Once the pop-up appears, click Details.
Untick everything except 'Sites Preferences'
Select 'Everything' in the select box at the top
Click Ok
Try now
PS: What I did try that did not work for me:
urlbar.autofill false
Forget Website trick
Safe mode
We all know it is not an HSTS issue when a website you own and you accessed before never got https support but now FF wants you to use https... It is just a firefox bug IMO.
The solution that worked for me:
Go to about:config
Look for network.stricttransportsecurity.preloadlist and set it to false
Enjoy
If the above STILL DOES NOT WORK, try setting browser.fixup.fallback-to-https to false from about:config
Using Firefox 100 or above you may also need:
dom.security.https_first to false
dom.security.https_first_pbm to false (this one is for anonymous windows)
I had the same problem, but the answer was that I used a .dev extension to access my local websites!
I cleared all historic data in FF and nothing changed.
Searching for another solution, I found this page https://ma.ttias.be/chrome-force-dev-domains-https-via-preloaded-hsts/
With .dev being an official gTLD, we're most likely better off changing our preferred local development suffix from .dev to something else. If you're looking for a quick "search and replace" alternative for existing setups, consider the .test gTLD, which is a reserved name by IETF for testing (or development) purposes.
I changed my local website extensions from .dev to .test and all works perfectly!
Alternative solution, easy.
Open Firefox and in the address bar type this URL
http://example.com/?fake_parameter_to_bypass_cache
This should force the browser to reload the web page from http://
None of the answers worked for me; the only one that did was the one in Muhammad's comment, so thanks in advance to him. I copy the answer here to make it easier:
Go to about:config
Look for browser.fixup.fallback-to-https and set it to false
Check your extensions!
In my case, DuckDuckGo Privacy Essentials extension was causing this redirect. I disabled it, and the problem is solved.
Now (Firefox 84) it is much simpler to clear the site's data. Just click the padlock icon on the left of the address bar. Then choose "Clear cookies and site data".
I had the same situation as what OP did. It helped me to clear the HTTPS redirect.
Here's what worked for me on Firefox v98.0.2:
Settings -> General
Network Settings -> Settings
Uncheck "Enable DNS over HTTPS"
I tried the 'correct' answer, plus the comment about including cache in the deletion, and I was still having issues with my problem site.
I opened the firefox profile directory and searched for the website name in all files.
I found it in 'logins-backup.json' and deleted that file to finally fix the problem.
In my case, I decided to use a *.dev domain for local development. But then I tried to open the site in Firefox, and after a while I realized it uses HTTPS, even when I start the url with "http://..." I tried to right-click on the link in the History, and choose Forget About This Site, or clear the cache. But it didn't help.
Later I found out that the dev domain is in HSTS preload list these days. Which means Firefox and Chrome (and probably others) don't let you access the subdomains w/o HTTPS. More on it here and here.
In my case, it was an addon that did it: disabling DuckDuckGo privacy essentials fixed it.
I had this issue when running Firefox with OWASP ZAP proxy.
I didn't know it was the proxy causing this.
In hindsight it's easy to test this: run Firefox without OWASP ZAP proxy to see if it works.
To get it working with OWASP ZAP, turn off Heads Up Display (HUD) or enable the HUD only for URLs that are in scope.
My problem was caused by the HTTPS by default extension. There is a bug that opens HTTP bookmarks with HTTPS. To work around, open "HTTPS by default" Preferences pane and enter domain name exclusion.
None of these suggestions worked for me in Firefox v101. What worked for me is changing the value of security.tls.version.min from 3 to 1 in about:config.
[NOTE: After I changed this setting, Firefox initially redirected from http to https. But this time Firefox allowed me to "accept the risk and continue," which wasn't possible when security.tls.version.min was set to 3. --end note]
See also: https://support.mozilla.org/en-US/questions/1116550
Let's get back to the old Firefox that was amazing, the 3.6.
Nowadays it is full of crap for us developers and sysadmins.
I have tons of sites on the intranet that cannot have a valid SSL, this is a major deal. I cannot download "deb" files because it's a threat, I cannot this and cannot that... why? I am a power user, I know what to do with them, why should I (we) be treated like the rest of the users?
The cache, I cannot disable the cache to 100%, why?
In a blip of a second I will be using links as my browser.
Firefox should have an expert mode, where none of this crap happens.
I am mad with Firefox and Chrome. That is why I still use Firefox 3.6 in a lot of cases, to bypass stupid restrictions.
Now, I had this issue on my workstation's development site. I had an old site that I still wanted to reference, and I couldn't get http to work for anything. There was no https binding, either.
Finally, I realized I had a url-rewrite in my webconfig that redirected all http to https...
hahahaha
Disabling https is not an absolute in Firefox. Some sites will redirect and may not offer http.
However, to choose one URL over the other, if it is an option, you can disable autofill:
Address Bar Search: In order to change your Firefox configuration, please do the following steps:
In the Location bar, type about:config and press Enter. The about:config "This might void your warranty!" warning page may appear.
Click I'll be careful, I promise! to continue to the about:config page.
In the filter box, type or paste autofill and pause while the list is filtered
Double-click browser.urlbar.autoFill to toggle it from true to false.

Launching an executable from the web browser via link

I've seen a ton of games and whatnot opening their applications using links like "game://15.64.15.64:25876" or something.
I want to be able to launch my game's .exe from my website for users who installed it, and for it to work on any browser; at the same time I want to be able to pass a parameter (just 1).
What registry values would need to be added/modified for this to work for all browsers? If there's extra steps to setting it up in all browsers, can you explain these steps? Other questions I've found didn't quite help or worked only in IE. I require Firefox, Chrome, and IE at the least.
A similar question was asked here:
How do I make the website execute links?
You would end up with a structure like this in your registry:
HKEY_CLASSES_ROOT
   game
      (Default) = "URL:Game Protocol"
      URL Protocol = ""
      DefaultIcon
         (Default) = "game.exe,1"
      shell
         open
            command
               (Default) = "C:\Games\YourGame\game.exe" "%1"
See this article on MSDN for details:
Registering an Application to a URI Scheme
As mentioned by OP, the above approach only works in IE. Here are some thoughts on how to make it work in other browsers:
Chrome: Is it possible to open custom URL scheme with Google Chrome?
Firefox: Writing a Firefox Protocol Handler
One way I can think of is to download a file from the browser (gamesession.gme or your extension)
and set your game as the default application for that extension.
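
The command entry above hands the whole link to game.exe as "%1", and any web page can trigger such a link, so the handler should parse that argument strictly before using it. The following is an added example, not code from the original answers; it assumes the `game://ip:port` form from the question, and `parse_game_url` is a hypothetical name:

```python
import ipaddress
from urllib.parse import urlsplit

ALLOWED_SCHEME = "game"  # scheme name taken from the question's example link


def parse_game_url(arg):
    """Return (ip, port) for a well-formed game://ip:port link, else raise ValueError."""
    # Reject whitespace, control characters and oversized input before parsing,
    # so nothing that could be read as an extra command-line switch gets through.
    if len(arg) > 64 or any(ord(c) < 0x21 or ord(c) > 0x7E for c in arg):
        raise ValueError("unexpected characters or length")
    parts = urlsplit(arg)
    if parts.scheme != ALLOWED_SCHEME:
        raise ValueError("wrong scheme")
    # Exactly one parameter is accepted: no path, query, fragment or userinfo.
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        raise ValueError("extra components")
    if parts.username is not None or parts.password is not None:
        raise ValueError("userinfo not allowed")
    try:
        ip = ipaddress.IPv4Address(parts.hostname or "")
        port = parts.port  # raises ValueError if non-numeric or out of range
    except ValueError as exc:
        raise ValueError("bad host or port") from exc
    if not port:
        raise ValueError("port missing")
    return str(ip), port


if __name__ == "__main__":
    print(parse_game_url("game://15.64.15.64:25876"))
```

Browsers may append a trailing slash to the link, which is why a path of "/" is accepted.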

Recording scripts - "page not found" because of single protocol?

I have found a strange issue which I do not completely understand. When I run LoadRunner with just a single protocol, the browser (when recording starts) is run but says "page not found" (as if the proxy was not set).
How come? The protocols specify what traffic will be captured, but I assumed it just does not record the ones not specified. But why could the browser not find the page in single protocol and could in multiple?
I've found that the single protocol mode (I assume web here) is somewhat erratic and does not work all the time. The workaround is to use the multiple protocol mode, but select only Web (HTTP/HTML). This works much better.
The actual reasons for why this is the case are unknown, but at least give it a try!
As for other issues:
Check that your PROXY settings are correct when you invoke IE for recording. Your issue sounds a little like a proxy issue, but please post more details if none of the above works.
Over 90% of recording issues can be tracked to environment items, specifically: do you have the right match-up between version of LR and version/manufacturer of your browser, plus are you signed in with the proper credentials, plus do you have any conflicting software packages loaded, such as antivirus, which could be impacting the recording mechanism.
Where to start?
Make sure you are signed in with Administrative credentials
Disable any antivirus running locally
Validate your browser manufacturer and version with the requirements for your version of LoadRunner

IE10 in Win RT can not connect server on local network

When I browse the web with IE10 in win8's Metro part there is no problem but when I try to view page that is located on server in my local network(the same subnet) it displays this message:
This page can't be displayed
•Make sure the web address http://192.168.1.100 is correct.
•Look for the page with your search engine.
•Refresh the page in a few minutes.
If following these suggestions didn't work, resetting your connection might help.
Reset connection [<-a button here]
Get more help with connection problems
Now the funny part is that there is an option in the Metro version of IE10 to open the page on the desktop (in regular IE10) and then it works with no problem.
I can't find or think of any security setting that would restrict browsing websites inside your own local network.
(this is Windows 8 32Bit Release Preview build 8400)
Any ideas?
This is related to EPM (Enhanced Protected Mode) in IE10. It's hard to summarize in an answer here, but Eric Lawrence (a PM on the IE team) has an excellent post detailing everything about EPM:
http://blogs.msdn.com/b/ieinternals/archive/2012/03/23/understanding-ie10-enhanced-protected-mode-network-security-addons-cookies-metro-desktop.aspx
In particular, read the "Loopback-blocked" and "Private Network resources" sections.
In your case, you might try one of these approaches:
Try aliasing the dotted hostname (http://192.168.1.100) via a custom DNS entry (e.g. http://myservice)
Change the Trusted Zones settings
See if your network connection was established as sharing or non-sharing, which would trigger private vs. public mode.
Again, see Eric's post for the details of each of these.

Tools for finding Non SSL resources in web page (firebug like tool)

I'm trying to find a non-SSL resource that is being loaded on my site.
This happens occasionally, where one of us forgets to use the https version of a resource (like some js in a CDN).
My question is: are there any firebug-like tools to find these "Turds in the punch bowl"? I want my green padlock back :)
Besides Firebug, which you've mentioned, you can use the developer tools in Chrome:
Tools menu -> Developer Tools
Go through the list of loaded resources in the Network tab
Alternatively, the HttpFox extension for Firefox can also be useful. It will keep logging the traffic even when you change pages, which may be useful in some cases.
(This is very similar to Firebug.)
mitm-proxy is great for stuff like this - http://crypto.stanford.edu/ssl-mitm/
You run it on your local machine in a console window, set your browser to use it as a proxy, and you can watch/log everything that your browser requests. It's a little noisy since it shows SSL handshaking and file contents, but you can filter that down. When you need to debug SSL communications it's invaluable to see those details, though.
mitm-proxy is based on http://grinder.sourceforge.net/g3/tcpproxy.html which has more in the way of scripting capabilities.