Firefox (current) Iceweasel 38.5.0ESR always rewrites http://wikipedia.org to https://wikipedia.org
Odd behavior, Firefox (current) Iceweasel 38.5.0ESR always rewrite the "HTTP" with "HTTPS" when accessing wikipedia.org or any subdomain thereof.
No plugins, clean installs (even OS installs), no cache, no bookmarks, nothing. I even deleted the search provider XML file and manually removed all caches and setting files.
No proxies, no DNS redirects, it's not HTTP headers (as the browser OS isn't connected to any network).
Any ideas?
Ọ̀nà àbáyọ tí a yàn
Okay, figured it out, what a pain.
If you run Firefox/Iceweasel for the first time connected to the internet the wikipedia search provider reaches out to https://wikipedia.org at which point the wikipedia web servers send back HTTP Strict Transport Security (HSTS) headers.
Now Firefox/Iceweasel stores that *.wikipedia.org and won't let you connect without HTTPS ever again, no matter how much you beg and plea and try faking it out with self-signed certs.
To resolve this issue easily I installed the "Force-TLS" add-on which lets you manage that backing store, then using that add-on created an exception for *.wikipedia.org, tested. Afterwards I removed the add-on completely and everything is the way I need it.
However, if you connect back to the public internet and go to https://wikipedia.org the cycle starts over (assuming they still hand out those headers, it appears not all of their web servers do).
I would like to know where the "never connect with HTTP again since HSTS headers were received" bit is stored just out of curiosity.
Ka ìdáhùn ni ìṣètò kíkà 👍 0All Replies (3)
Ọ̀nà àbáyọ Tí a Yàn
Okay, figured it out, what a pain.
If you run Firefox/Iceweasel for the first time connected to the internet the wikipedia search provider reaches out to https://wikipedia.org at which point the wikipedia web servers send back HTTP Strict Transport Security (HSTS) headers.
Now Firefox/Iceweasel stores that *.wikipedia.org and won't let you connect without HTTPS ever again, no matter how much you beg and plea and try faking it out with self-signed certs.
To resolve this issue easily I installed the "Force-TLS" add-on which lets you manage that backing store, then using that add-on created an exception for *.wikipedia.org, tested. Afterwards I removed the add-on completely and everything is the way I need it.
However, if you connect back to the public internet and go to https://wikipedia.org the cycle starts over (assuming they still hand out those headers, it appears not all of their web servers do).
I would like to know where the "never connect with HTTP again since HSTS headers were received" bit is stored just out of curiosity.
Ti ṣàtúnṣe
That was very good work. Well Done. Please flag your last post as Solved Problem so others will know.
The only difference between "HTTP" and "HTTPS" is that the latter means the link is secured.
This fixes it without the nasty plugin:
about:config New value (right click) "Integer”, “test.currentTimeOffsetSeconds”,“11491200”