sticky https
-
- Posts: 131
- Joined: June 27th, 2005, 6:17 am
sticky https
There is a site which supports both http and https - both http://example.com/url and https://example.com/url return the same data. Once https has been used seamonkey completely switches to https for this site e.g. I open http://example.com/url and get what I asked for - http, then I open https://example.com/url1 and again get what I asked for - https, but if now I try to open http://example.com/url2 I will get https://example.com/url2, not http and so on for all subsequent requests to http://example.com until seamonkey is restarted. Traffic goes through a proxy and proxy log shows that I am not redirected by the site, seamonkey never makes http request and goes straight to https. How can I stop seamonkey from doing it?
- therube
- Posts: 21714
- Joined: March 10th, 2004, 9:59 pm
- Location: Maryland USA
Re: sticky https
Quote: Traffic goes through a proxy
Any change if you connect direct?
Fire 750, bring back 250.
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball CopyURL+ FetchTextURL FlashGot NoScript
-
- Posts: 1504
- Joined: October 1st, 2014, 3:25 pm
Re: sticky https
It's a security feature called HSTS (Strict Transport Security) and it is not recommended to disable it. You can clear out HSTS settings in the Data manager in theory, but idk if that part of the data manager works in 2.38 or not.
- therube
- Posts: 21714
- Joined: March 10th, 2004, 9:59 pm
- Location: Maryland USA
Re: sticky https
Is that what's doing that?
If that's the case, then you want the file, SiteSecurityServiceState.txt in your Profile folder.
Exit SeaMonkey
Rename SiteSecurityServiceState.txt to SiteSecurityServiceState.txt.OLD
Start SeaMonkey & test
(Alternatively you could edit the file, deleting the example.com entries. Note that the file uses TAB characters, so you'd need to use an editor that would not affect those.)
[Though I'm thinking it's not going to be HSTS...?]
{Maybe? With HSTS, usually it's that you cannot access a site. Suppose it could be that it would roll from http to https? Guess it also kind of depends on coding used on the site in question.}
<Yep, I guess you're right. It is going to be HSTS. That's a bugger of a thing & doesn't seem to be well thought out.>
If there's no change, exit SeaMonkey & rename the file back.
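Added example, not written by anyone in this thread: the alternative therube mentions, deleting only one site's entries from SiteSecurityServiceState.txt without disturbing the TAB characters, done with a script instead of an editor. The field layout in the comment is an assumption, the sample lines are constructed, and the helper names are hypothetical; run it with SeaMonkey closed.

```python
import shutil
from pathlib import Path

STATE_FILE = "SiteSecurityServiceState.txt"  # file name as given in the thread

def split_entries(text, host):
    """Return (kept_text, removed_lines) for one host and its subdomains."""
    host = host.lower().rstrip(".")
    kept, removed = [], []
    for line in text.splitlines(keepends=True):
        # Assumed layout: "<host>:<TYPE>\t<score>\t<last access>\t<value>".
        # Only the first TAB-separated field is parsed; the rest of the line
        # is copied through untouched, so TABs and line endings survive.
        key = line.split("\t", 1)[0]
        entry_host = key.rsplit(":", 1)[0].lower()
        if entry_host == host or entry_host.endswith("." + host):
            removed.append(line)
        else:
            kept.append(line)
    return "".join(kept), removed

def forget_host(profile_dir, host):
    """Back the file up as .OLD, then rewrite it without the host's entries."""
    path = Path(profile_dir) / STATE_FILE
    # Bytes in, bytes out: avoids newline translation on Windows.
    text = path.read_bytes().decode("utf-8")
    kept, removed = split_entries(text, host)
    if removed:
        shutil.copy2(path, path.with_name(path.name + ".OLD"))
        path.write_bytes(kept.encode("utf-8"))
    return removed

# Constructed sample content, not taken from a real profile.
SAMPLE = (
    "example.com:HSTS\t0\t16700\t1475000000000,1,0\n"
    "www.example.com:HSTS\t2\t16701\t1475000000000,1,1\n"
    "notexample.com:HSTS\t1\t16699\t1475000000000,1,0\n"
)

if __name__ == "__main__":
    kept, removed = split_entries(SAMPLE, "example.com")
    print("would remove:", [l.split("\t", 1)[0] for l in removed])
    print("would keep:  ", [l.split("\t", 1)[0] for l in kept.splitlines()])
```

If the file is empty, as the original poster reports for his profile, `forget_host` returns an empty list and writes nothing.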
-
- Posts: 131
- Joined: June 27th, 2005, 6:17 am
Re: sticky https
therube wrote: Is that what's doing that? If that's the case, then you want the file, SiteSecurityServiceState.txt in your Profile folder.
Sorry, I probably should've told that I've done it ages ago - the file is read-only and has zero length. Not helping in this case.
therube wrote: Any change if you connect direct?
No.
barbaz wrote: but idk if that part of the data manager works in 2.38 or not.
Data manager was broken in 2.39 - the only reason why I still stick with 2.38.
-
- Posts: 1504
- Joined: October 1st, 2014, 3:25 pm
Re: sticky https
barbaz wrote: but idk if that part of the data manager works in 2.38 or not.
lvm wrote: Data manager was broken in 2.39 - the only reason why I still stick with 2.38.
OK then go to the Data Manager, select the domain, Permissions tab, check "Use default" for any permissions that say strict transport security.
- therube
- Posts: 21714
- Joined: March 10th, 2004, 9:59 pm
- Location: Maryland USA
Re: sticky https
In my case, not every domain that is in SiteSecurityServiceState.txt is listed under Permissions.
(dslreports.com being a particular exception that I've noticed of late where http: has been falling over to https:.)
Likewise not every ("STS") domain listed in Data Manager is listed in SiteSecurityServiceState.txt.
(Like 4chan.org.)
Note that SiteSecurityServiceState.txt deals with HSTS (HTTP Strict Transport Security), where Data Manager shows what it calls STS (Strict Transport Security) & STS relating to subdomains. Don't know how or if they differ? But what is in one place need not be in the other?
-
- Posts: 8779
- Joined: May 7th, 2007, 12:07 pm
Re: sticky https
barbaz wrote: but idk if that part of the data manager works in 2.38 or not.
lvm wrote: Data manager was broken in 2.39 - the only reason why I still stick with 2.38.
Data Manager works in 2.39. It is the Permissions Manager that is broken. It is broken in 2.40 as well.
-
- Posts: 131
- Joined: June 27th, 2005, 6:17 am
Re: sticky https
barbaz wrote: OK then go to the Data Manager, select the domain, Permissions tab, check "Use default" for any permissions that say strict transport security.
There was nothing related to strict transport security there. I tried creating new records blocking both using the strict transport security and applying it to subdomains but it changed nothing.
Anonymosity wrote: Data Manager works in 2.39. It is the Permissions Manager that is broken.
And passwords (and yes, I know about chrome://passwordmgr/content/passwordManager.xul). And preferences. Only cookie manager sort of works.
-
- Posts: 131
- Joined: June 27th, 2005, 6:17 am
Re: sticky https
Also tried this: https://support.mozilla.org/en-US/questions/942924 - no effect.
-
- Posts: 272
- Joined: January 21st, 2007, 12:52 pm
Re: sticky https
Anonymosity wrote: Data Manager works in 2.39. It is the Permissions Manager that is broken. It is broken in 2.40 as well.
I have been frustrated and was wondering why when I update the cookies permissions settings in SM 2.40 data manager that the settings failed to save. So now I am unable to access some site contents because cookies were previously blocked manually via the permissions manager, and I'm trying to unblock them but found that it's not possible to change it via the permissions manager. This must be fixed soon. The temporary workaround is to right click the domain in question in data manager and use FORGET function to delete all data related to that one domain.
- therube
- Posts: 21714
- Joined: March 10th, 2004, 9:59 pm
- Location: Maryland USA
Re: sticky https
Bug 708110 - Enable back the old managers in place of the new Data Manager for cookies, passwords and popups
chrome://communicator/content/permissions/cookieViewer.xul
(Considering you never know what kind of state anything is in, always good to have backups.)