Ce site disposera de fonctionnalités limitées pendant que nous effectuons des opérations de maintenance en vue de vous proposer un meilleur service. Si un article ne règle pas votre problème et que vous souhaitez poser une question, notre communauté d’assistance est prête à vous répondre via @FirefoxSupport sur Twitter, et /r/firefox sur Reddit.

Rechercher dans l’assistance

Évitez les escroqueries à l’assistance. Nous ne vous demanderons jamais d’appeler ou d’envoyer un SMS à un numéro de téléphone ou de partager des informations personnelles. Veuillez signaler toute activité suspecte en utilisant l’option « Signaler un abus ».

En savoir plus

HTTPS-Only Mode

  • 7 réponses
  • 1 a ce problème
  • 11 vues
  • Dernière réponse par cor-el

more options

I want to use HTTPS-Only mode, but Firefox enforces it on my private network as well as the public network. Because I do not have certificates for any of my private network hosts HTTPS-Only mode blocks all internal network traffic. The suggested temporary workaround is impractical. Is there a way for Firefox to check the hosts file for a local name/ip or is there another fix for this?

I want to use HTTPS-Only mode, but Firefox enforces it on my private network as well as the public network. Because I do not have certificates for any of my private network hosts HTTPS-Only mode blocks all internal network traffic. The suggested temporary workaround is impractical. Is there a way for Firefox to check the hosts file for a local name/ip or is there another fix for this?

Solution choisie

Hi cor-el, running this script in the Browser Console adds exceptions successfully:

/* Add Exceptions to HTTPS-only for listed origins -- only edit next line */
var myOrigins = ['http://example.com', 'http://example.org'];
/* Don't edit below this line */
function addException(url){
  let uri = Services.io.newURI(url);
  let principal = Services.scriptSecurityManager.createContentPrincipal(uri, {});
  Services.perms.addFromPrincipal(principal, 'https-only-load-insecure', 1, 0);
}
for (var i=0; i<myOrigins.length; i++) addException(myOrigins[i]);
 

Based on: https://searchfox.org/mozilla-release/source/browser/base/content/test/siteIdentity/browser_identityPopup_HttpsOnlyMode.js#148

Perhaps it is possible to adapt that to an Autoconfig script to set up multiple PCs with an array of origins at startup?

Note: To remove the new permissions for those two origins from permissions.sqlite after testing, re-run it with these changes (session only permission):

Services.perms.addFromPrincipal(principal, 'https-only-load-insecure', 9, 1);

Lire cette réponse dans son contexte 👍 0

Toutes les réponses (7)

more options

Can you disable HTTPS if you click the padlock button ?

more options

That is one of the impracticable workarounds because it must be done for every URL on each host from every user's and guest's computer. I'm not sure how many unique URLs there are but there are 6 host servers and 7 users and about 12± guests on my home network.

more options

Why don't you disable HTTPS-Only mode if this causes that much problems ?

more options

I'm not using HTTPS-Only Mode because of that. I'd use it if Firefox could determine id a URL was on a local network or on the public network - a trivial determination. IMO it is a major failure on the part of Firefox developers. Otherwise, I like Firefox mostly due to TOR, but have considered moving.

more options

There is a dom.security.https_only_mode.upgrade_local pref that defaults to false.

more options

Solution choisie

Hi cor-el, running this script in the Browser Console adds exceptions successfully:

/* Add Exceptions to HTTPS-only for listed origins -- only edit next line */
var myOrigins = ['http://example.com', 'http://example.org'];
/* Don't edit below this line */
function addException(url){
  let uri = Services.io.newURI(url);
  let principal = Services.scriptSecurityManager.createContentPrincipal(uri, {});
  Services.perms.addFromPrincipal(principal, 'https-only-load-insecure', 1, 0);
}
for (var i=0; i<myOrigins.length; i++) addException(myOrigins[i]);
 

Based on: https://searchfox.org/mozilla-release/source/browser/base/content/test/siteIdentity/browser_identityPopup_HttpsOnlyMode.js#148

Perhaps it is possible to adapt that to an Autoconfig script to set up multiple PCs with an array of origins at startup?

Note: To remove the new permissions for those two origins from permissions.sqlite after testing, re-run it with these changes (session only permission):

Services.perms.addFromPrincipal(principal, 'https-only-load-insecure', 9, 1);

more options

Note that you can also use createContentPrincipalFromOrigin():

var myOrigins = ['http://example.com', 'http://example.org'];
function addException(uri){
 let principal = Services.scriptSecurityManager.createContentPrincipalFromOrigin(uri);
 Services.perms.addFromPrincipal(principal, 'https-only-load-insecure', 1, 0);
}
for (var i=0; i<myOrigins.length; i++) addException(myOrigins[i]);

You can also use this code to remove a permission:

var myOrigins = ['http://example.com', 'http://example.org'];
function remException(uri){
 let principal = Services.scriptSecurityManager.createContentPrincipalFromOrigin(uri);
  Services.perms.removeFromPrincipal(principal, 'https-only-load-insecure');
}
for (var i=0; i<myOrigins.length; i++) remException(myOrigins[i]);