30

tl;dr I want to browse an http-based URL but Firefox will not let me.

A local network HTTP server is at http://host (port 80) and the corresponding HTTPS server is at https://host (port 443).

When I type into the Firefox Address Bar http://host, Firefox insists on changing the URL to https://host.
Using the Web Developer ToolsNetwork tab, I can see Firefox goes directly to https://host despite my entry of http://host. Firefox is not receiving an HTTP 300 Redirect from the server.

How do I instruct Firefox to not overwrite http with https?
How do I instruct Firefox to connect to http://host?


Using Firefox 100 on Windows 10.

Improve this question
8
  • 3
    I commend your attention to support.mozilla.org/en-US/kb/… Commented May 17, 2022 at 19:44
  • 3
    Did your HTTPS server perhaps, at any point in the recent past, serve a HSTS header? Commented May 17, 2022 at 19:51
  • 1
    also, if you haven't enabled HTTPS-Only mode, and have never had HSTS on the HTTPS version of the site,look at this: support.mozilla.org/en-US/questions/959914 . Once you have visited a site in HTTPS the address bar will remember and always prefer HTTPS. Commented May 17, 2022 at 21:51
  • 1
    Thanks @DanielB . In my case, according to the Network tab, the selection of https instead of http occurs before any HTTP communication occurs. Also, in the Network tab, I checked Disable Cache. ⠀⠀⠀However, you wrote "any point in the recent past, serve a HSTS header". Firefox reported "host has a security policy called HTTP Strict Transport Security (HSTS)". This may be the culprit. Commented May 19, 2022 at 19:56
  • 1
    An immediate workaround I found is to use the IP Address of the host, e.g. http://192.168.0.1. Then I was able to connect via http (to port 80). This is likely because no HSTS header (Strict-Transport-Security) has been seen by Firefox for that host association. Commented May 19, 2022 at 20:04

7 Answers 7

Reset to default
13

I ran into this while using dev as an alias for 127.0.0.1 because I wanted to use a host header with nginx to access a virtual server.

Turns out that's now a real TLD and part of what's called the "preloadlist". None of the above suggestions worked for me, but these did:

Summary: set network.stricttransportsecurity.preloadlist to false

Improve this answer
4
  • 3
    Instead of linking to other issues, just tell people to set network.stricttransportsecurity.preloadlist to false. Commented Sep 19, 2023 at 9:25
  • 2
    I could, but I wanted to give those posts the credit, and they also contain more context than I provided because I didn't feel like repeating it. Just like how SO staff routinely mark a question as a duplicate and link to an older version... Commented Sep 19, 2023 at 13:32
  • 2
    The StackOverflow guidelines on a good answer are that including links is not a bad idea, but the rest of the answer should be self-sufficient. meta.stackexchange.com/questions/225370/… Commented Sep 22, 2023 at 11:30
  • 3
    Did not work for me (Firefox 120) Commented Nov 24, 2023 at 14:24
8

Neither

  • browser.fixup.fallback-to-https: false
  • browser.urlbar.autoFill: false
  • HTTPS Only disabled in settings
  • HTTPS Only enabled and correct exceptions set

and all possible combinations of them did the trick consequently, but

  • browser.fixup.alternate.protocol: http

fixed it for me

Improve this answer
3
4

Take a look at HTTPS-Only Mode in Firefox and check, if HTTPS-Only Mode is enabled.

Improve this answer
1
  • 2
    Thanks @MBehrens. Good suggestion. However, the setting was already set to Don’t enable HTTPS-Only Mode. . Commented May 19, 2022 at 19:49
3

tl;dr use the IP Address

IP Address

Instead of browsing to a URL of the named host, e.g. http://host, browse to the URL of the IP Address, e.g. http://192.168.1.2.

Firefox and other browsers will not forcibly insist on https protocol if Don’t enable HTTPS-Only Mode is set.

In Settings page (about:preferences), section Privacy & Security, change HTTPS-Only Mode to Don’t enable HTTPS-Only Mode

HTTPS-Only Mode

Other configurations to consider

  • in about:config page, change browser.fixup.fallback-to-https to false (thanks @ubfan1)
  • search "HTTPS" and tweak other settings until you have it

Related, browsing to the IP Address URL also allows an opportunity to skip TLS certificate checking for https connections.

Improve this answer
9
  • 4
    Wish it were true, but Firefox 106.0.4 still insists on using https on IP address connections. Even if exceptions are added to the "use https" and even if "don't use https" is checked. Maybe you have some other setting which actually will allow http? Commented Nov 3, 2022 at 22:33
  • @ubfan1 I tested it again and still works for me. Using Firefox 106.0.3. I have set HTTPS-Only Mode to option Don’t enable HTTPS-Only Mode. Also have setting Enable DNS over HTTPS as unchecked. Using Private setting Standard. I also tested against a site not in my Bookmarks using a quickie HTTP server python3 -m http.server 80. I was able to browse the non-bookmarked site at http://192.168.1.1:80. Commented Nov 4, 2022 at 0:14
  • 1
    I found that setting browser.fixup.fallback-to-https to false in about:config will prevent the https switch to http (and reverted the dozen or so other changes I had made on various https settings). So now I get the refused connection like Chrome. I did try some TLS and SSL changes, but connection still refused. Getting an old Firefox version looks like my best bet at this time -- an old program to connect to old devices. Thanks for the help. Commented Nov 4, 2022 at 15:41
  • 1
    This is not a good solution. Many sites nowadays use name-based virtual hosting. The IP address alone isn't enough. The hostname is a required ingredient. Commented Nov 4, 2022 at 19:18
  • 1
    Did not work for me (Firefox 120) Commented Nov 24, 2023 at 14:25
1

I realized that I was getting this same error while trying to go to http://192.168.x.x/somepage.html when actually I needed to be going to http://192.168.x.x:5000/somepage.html. When I had forgotten to include the port number, I was getting upgraded to https no matter what I tried. Once I included the appropriate port, it worked just fine with http.

Improve this answer
0
0

I'm not sure when this was implemented**, but all I needed to do was to go into Settings in Firefox and find "HTTPS-Only Mode", click "Manage Exceptions" and add http://[host] and click "Turn Off". Now that host loads fine over http.

Today at least, I'd try that first.

** I think not recently, because I already had an older host I had added before there. For further information see support article HTTPS-Only Mode in Firefox.

Improve this answer
0

Try using a .home.arpa domain for your local development needs. I believe this can be a better option than localhost, especially when your web development setup requires regular FQDNs.

Improve this answer
1
  • Your answer could be improved with additional supporting information. Please edit to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers in the help center. Commented Mar 22 at 17:33

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.