Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Why does FireFox prevent a redirect from an HTTPS site to an HTTP site?

  • 8 ŋuɖoɖowo
  • 1 masɔmasɔ sia le esi
  • 1 view
  • Nuɖoɖo mlɔetɔ cor-el

more options

Scenario:

https://websitea.com, available over HTTPS only, with HSTS header set. http://websiteb.com, available over HTTP only.

https://websitea.com has a page that links directly to http://websiteb.com. Users can click this link and be sent there properly https://websitea.com has a different page which links to https://websitea.com/redirect-page. That page is just a redirect to http://websiteb.com. Users that click this link are sent to https://websiteb.com instead of http://websiteb.com.

FireFox is upgrading the redirect from HTTP to HTTPS.

No other browser does this.

I imagine FireFox is doing this because it doesn't want users of Website A, which is a completely HTTPS site, to be sent to an insecure website.

Is this behavior documented somewhere? I'm not sure if it's related specifically to the HSTS header.

Scenario: https://websitea.com, available over HTTPS only, with HSTS header set. http://websiteb.com, available over HTTP only. https://websitea.com has a page that links directly to http://websiteb.com. Users can click this link and be sent there properly https://websitea.com has a different page which links to https://websitea.com/redirect-page. That page is just a redirect to http://websiteb.com. Users that click this link are sent to https://websiteb.com instead of http://websiteb.com. FireFox is upgrading the redirect from HTTP to HTTPS. No other browser does this. I imagine FireFox is doing this because it doesn't want users of Website A, which is a completely HTTPS site, to be sent to an insecure website. Is this behavior documented somewhere? I'm not sure if it's related specifically to the HSTS header.

All Replies (8)

more options

Hello,

Try Firefox Safe Mode to see if the problem goes away. Firefox Safe Mode is a troubleshooting mode that temporarily turns off hardware acceleration, resets some settings, and disables add-ons (extensions and themes).

If Firefox is open, you can restart in Firefox Safe Mode from the Help menu:

  • Click the menu button New Fx Menu, click Help Help-29 and select Restart with Add-ons Disabled.

If Firefox is not running, you can start Firefox in Safe Mode as follows:

  • On Windows: Hold the Shift key when you open the Firefox desktop or Start menu shortcut.
  • On Mac: Hold the option key while starting Firefox.
  • On Linux: Quit Firefox, go to your Terminal and run firefox -safe-mode
    (you may need to specify the Firefox installation path e.g. /usr/lib/firefox)

When the Firefox Safe Mode window appears, select "Start in Safe Mode".

SafeMode-Fx35

If the issue is not present in Firefox Safe Mode, your problem is probably caused by an extension, theme, or hardware acceleration. Please follow the steps in the Troubleshoot extensions, themes and hardware acceleration issues to solve common Firefox problems article to find the cause.

To exit Firefox Safe Mode, just close Firefox and wait a few seconds before opening Firefox for normal use again.

When you figure out what's causing your issues, please let us know. It might help others with the same problem.

barashkoff trɔe

more options

The behavior still exists in safe mode.

more options

Hello,

Certain Firefox problems can be solved by performing a Clean reinstall. This means you remove your Firefox program files and then reinstall Firefox. This process does not remove your Firefox profile data (such as bookmarks and passwords), since that information is stored in a different location.

To do a clean reinstall of Firefox, please follow these steps: Note: You might want to print these steps or view them in another browser.

  1. Download the latest Desktop version of Firefox from mozilla.org (or choose the download for your operating system and language from this page) and save the setup file to your computer.
  2. After the download finishes, close all Firefox windows (or open the Firefox menu New Fx Menu and click the close button Close 29).
  3. Delete the Firefox installation folder, which is located in one of these locations, by default:
    • Windows:
      • C:\Program Files\Mozilla Firefox
      • C:\Program Files (x86)\Mozilla Firefox
    • Mac: Delete Firefox from the Applications folder.
    • Linux: If you installed Firefox with the distro-based package manager, you should use the same way to uninstall it - see Install Firefox on Linux. If you downloaded and installed the binary package from the Firefox download page, simply remove the folder firefox in your home directory.
  4. Now, go ahead and reinstall Firefox:
    1. Double-click the downloaded installation file and go through the steps of the installation wizard.
    2. Once the wizard is finished, choose to directly open Firefox after clicking the Finish button.

More information about reinstalling Firefox can be found here.

WARNING: Do not use a third party uninstaller as part of this process. Doing so could permanently delete your Firefox profile data, including but not limited to, extensions, cache, cookies, bookmarks, personal settings and saved passwords. These cannot be easily recovered unless they have been backed up to an external device! See Back up and restore information in Firefox profiles.

Please report back to say if this helped you!

Thank you.

more options

Hello, a clean re-install made no difference either.

more options

Hello,

What extensions do you use in your Firefox?

more options

Why do you think it's related to my extensions? The problem is still there on a completely clean install without any extensions enabled.

more options

bkosborne said

Why do you think it's related to my extensions? The problem is still there on a completely clean install without any extensions enabled.

Did this clean install mean any and all previous FF was removed and the Mozilla folder deleted?

more options

Can you post a example link to web pages where this happens, so we can check the server response?