sticky https

[lvm]

There is a site which supports both http and https - both http://example.com/url and https://example.com/url return the same data. Once https has been used seamonkey completely switches to https for this site e.g. I open http://example.com/url and get what I asked for - http, then I open https://example.com/url1 and again get what I asked for - https, but if now I try to open http://example.com/url2 I will get https://example.com/url2, not http and so on for all subsequent requests to http://example.com until seamonkey is restarted. Traffic goes through a proxy and proxy log shows that I am not redirected by the site, seamonkey never makes http request and goes straight to https. How can I stop seamonkey from doing it?

[therube]

Traffic goes through a proxy

Any change if you connect direct?

[barbaz]

It's a security feature called HSTS (Strict Transport Security) and it is not recommended to disable it. You can clear out HSTS settings in the Data manager in theory, but idk if that part of the data manager works in 2.38 or not.

[therube]

Is that what's doing that?
If that's the case, then you want the file, SiteSecurityServiceState.txt in your Profile folder.

Exit SeaMonkey
Rename SiteSecurityServiceState.txt to SiteSecurityServiceState.txt.OLD

Start SeaMonkey & test

(Alternatively you could edit the file, deleting the example.com entries. Note that the file uses TAB characters, so you'd need to use an editor that would not affect those.)
[Though I'm thinking its not going to be HSTS...?]
{Maybe? With HSTS, usually its that you cannot access a site. Suppose it could be that it would roll from http to https? Guess it also kind of depends on coding used on the site in question.}
<Yep, I guess you're right. It is going to be HSTS. That's a bugger of a thing & doesn't seem to be well thought out.>

If there's no change, exit SeaMonkey & rename the file back.

[lvm]

Is that what's doing that?
If that's the case, then you want the file, SiteSecurityServiceState.txt in your Profile folder.

Sorry, I probably should've told that I've done it ages ago - the file is read-only and has zero length. Not helping in this case.

Any change if you connect direct?

No.

but idk if that part of the data manager works in 2.38 or not.

Data manager was broken in 2.39 - the only reason why I still stick with 2.38.

[barbaz]

but idk if that part of the data manager works in 2.38 or not.

Data manager was broken in 2.39 - the only reason why I still stick with 2.38.

OK then go to the Data Manager, select the domain, Permissions tab, check "Use default" for any permissions that say strict transport security.

[therube]

In my case, not every domain that is in SiteSecurityServiceState.txt is listed under Permissions.
(dslreports.com being a particular exception that I've noticed of late where http: has been falling over to https:.)
Likewise not every ("STS") domain listed in Data Manager is listed in SiteSecurityServiceState.txt.
(Like 4chan.org.)

Note that SiteSecurityServiceState.txt deals with HSTS (HTTP Strict Transport Security), where Data Manager shows what it calls STS (Strict Transport Security) & STS relating to subdomains. Don't know how or if they differ? But what is in one place need not be in the other?

[Anonymosity]

but idk if that part of the data manager works in 2.38 or not.

Data manager was broken in 2.39 - the only reason why I still stick with 2.38.

Data Manager works in 2.39. It is the Permissions Manager that is broken. It is broken in 2.40 as well.

[lvm]

OK then go to the Data Manager, select the domain, Permissions tab, check "Use default" for any permissions that say strict transport security.

There was nothing related to to strict transport security there. I tried creating new records blocking both using the strict transport security and applying it to subdomains but it changed nothing.

Data Manager works in 2.39. It is the Permissions Manager that is broken.

And passwords (and yes, I know about chrome://passwordmgr/content/passwordManager.xul). And preferences. Only cookie manager sort of works.

[lvm]

Also tried this: https://support.mozilla.org/en-US/questions/942924 - no effect.

[webmoebius]

Data Manager works in 2.39. It is the Permissions Manager that is broken. It is broken in 2.40 as well.

I have been frustrated and was wondering why when I update the cookies permissions settings in SM 2.40 data manager that the settings failed to save. So now I am unable to access some site contents because cookies were previously blocked manually via the permissions manager, and I'm trying to unblock them but found that it's not possible to change it via the permissions manager. This must be fixed soon. The temporary workaround is to right click the domain in question in data manager and use FORGET function to delete all data related to that one domain.

[therube]

Bug 708110 - Enable back the old managers in place of the new Data Manager for cookies, passwords and popups

chrome://communicator/content/permissions/cookieViewer.xul


(Considering you never know what kind of state anything is in, always good to have backups .)