Showing results for 
Show  only  | Search instead for 
Did you mean: 
New member
Status: New idea

Very often I find Firefox displaying a warning message that a certain site is not secure.  I am going to make a wild guess that the Firefox request does not allow for adequate process for request forwarding.  When I was configuring Apache, I included a redirect for all http traffic to connect to https service.  I really don't know this to be the case, but something is generating false negatives for connection requests to https enabled sites.

New member

Agreed - there are many false negatives, as an example:   which forwards to and works correctly, despite the Firefox warning message in between these two screens

New member

This has been annoying me a lot lately, my suggestion on how this can be addressed in three parts:

1) In https only mode, when protocol isn't specified it should default to https instead of the current behavior of http. Maybe add a prompt on a failed connection to "Try again with http?" with appropriate security warnings.

2) When connecting to http it should check for 301/302 and if the redirect is just a protocol change, silently accept it instead of prompting (you're obviously going to that site, and it's clearly not a hijack by way of http if all they're doing is sending you to the https version of the exact same site and page)

3) When receiving a redirect to a *different* URL, instead of saying a generic "this site is insecure" it should prompt something like "this site is redirecting to <address> but it's identity can't be verified"