KERR
Making moves
Status: New idea

Using this test website, Firefox offers no way to proceed past the HSTS error:

https://subdomain.preloaded-hsts.badssl.com/

Vivaldi allows you to continue by clicking a proceed:

Chrome and Edge allow you to proceed by typing "thisisunsafe"

It would be handy to let us bypass these warnings (at our own risk), similar to how we can add exceptions to sites with invalid certs. It's not a common use case, but coming across one of these means my only option is to use Chrome/Edge/Vivaldi.

26 Comments
ocdtrekkie
New member

Yeah, this is definitely one of those cases where a bad and malicious spec is actually making people less safe, and ultimately causing them to go use a different web browser sometimes just to view plain HTML pages they know and trust the content of. This needs to get fixed, and it needs to stop getting ignored or punted by Mozilla staff.

firefox1337
New member

They won't do anything mate; they don't understand nor listen and are very stubborn (just read the comments).

I'm still using and liking Firefox but it's saddening to watch the devs not seeing the big picture and the risk of disabling security for the whole browser instead of just one website for just once.

I still have a bit of hope though, if one of them is reading all our messages about this subject.

hellohi
New member

>> If you want to argue it's not the browser's job to automatically act on behalf of the user, turn off your firewall, antivirus, swap file, crash recovery, etc.

>Yes, that's the point. We can turn all those things off when needed. The same should apply to HSTS.

You quite literally can, by following the directions given on the fifth reply to this post.

industrial6
New member

Is there really no way to disable this, even temporarily?! I am a sysadmin and I NEED to be able to override things from time to time.
No wonder devs and coders are switching to Edge....
I refuse to give up Firefox, but you folks sure are making others want to.

dveditz
Employee

@industrial6: yes, back on the first page there were a couple of ways given to disable this temporarily

https://connect.mozilla.org/t5/ideas/allow-firefox-to-bypass-hsts-errors/idi-p/163#M15411

(note: since that answer the profile storage has migrated from SiteSecurityServiceState.txt to SiteSecurityServiceState.bin and you won't be able to delete individual lines. That option will require blowing away HSTS information for all domains.)

cch
New member

There was a time when FF was considered a developer-friendly browser. Now it has morphed into a "nanny" browser.

Between the HSTS labyrinth and Zendesk's perpetually broken support for FF, I'm moving on after 13 years.