Funkcjonalność tej witryny będzie ograniczona w czasie konserwacji. Jeśli artykuł nie rozwiązuje twojego problemu i chcesz zadać pytanie, to nasza społeczność wsparcia jest dostępna na @FirefoxSupport na Twitterze i /r/firefox na Reddicie.

Przeszukaj pomoc

Unikaj oszustw związanych z pomocą.Nigdy nie będziemy prosić Cię o dzwonienie na numer telefonu, wysyłanie SMS-ów ani o udostępnianie danych osobowych. Zgłoś podejrzaną aktywność, korzystając z opcji „Zgłoś nadużycie”.

Więcej informacji

insecure connection

  • 3 odpowiedzi
  • 2 osoby mają ten problem
  • 1 wyświetlenie
  • Ostatnia odpowiedź od paul-ttuhsc

more options

I've confirmed the following problem was introduced in Firefox 57, and continues in v58 and v59b. It does not occur in v56 or prior. It also does not occur in the current versions of Chrome v64 or Safari v11.0.3.

When accessing www.pubmed.gov through a library http rewriting proxy server (ezproxy from OCLC), and clicking a link which targets another web site which has subdomains, FF57 attempts a forced Content Security Policy : Upgrading insecure request. This fails because the proxy uses a wildcard certificate which is invalid for multi-level subdomains.

Screen shot attached.

I've confirmed the following problem was introduced in Firefox 57, and continues in v58 and v59b. It does not occur in v56 or prior. It also does not occur in the current versions of Chrome v64 or Safari v11.0.3. When accessing www.pubmed.gov through a library http rewriting proxy server (ezproxy from OCLC), and clicking a link which targets another web site which has subdomains, FF57 attempts a forced Content Security Policy : Upgrading insecure request. This fails because the proxy uses a wildcard certificate which is invalid for multi-level subdomains. Screen shot attached.
Załączone zrzuty ekranu

Wszystkie odpowiedzi (3)

more options
more options

Does it work if you temporarily disable CSP as a test or does Firefox still tries to use the https: protocol?

You can temporarily disable CSP by toggling this pref to false on the about:config page.

  • security.csp.enable = false

This is a security feature you shouldn't leave it disabled and re-enable this feature once you are done with the website.

You may have to check SiteSecurityServiceState.txt for references to this domain.

You can use the button on the "Help -> Troubleshooting Information" (about:support) page to go to the current Firefox profile folder or use the about:profiles page.

more options

Setting security.csp.enable = false does mitigate the symptoms. However, FF v56 has security.csp.enable = true, and it does not have the same problem as FF v57 and above.