I'm using Firefox, and while setting up a server, I have been fiddling around with redirects. Now, Firefox has cached a 301 redirect from http://example.com/ to https://example.com/ and from http://sub.example.com/ to https://sub.example.com/.
I've tried the following things:
History -> Show all history -> Forget about this site.
Checked that no bookmark with https://example.com/ is present.
Changing browser.urlbar.autoFill to false in about:config.
Changing browser.cache.check_doc_frequency from 3 to 1.
Options -> Advanced -> Network -> Chached Web Content -> Clear now.
None of the above works, so I checked the redirect with wheregoes.com and it doesn't show any redirect from http to https.
I've even changed the DNS to point to another IP served by a server, where I've never set up redirection - the redirection is still in effect.
I've also tried in Private Browsing in Firefox, and there is no redirect there. I've tried in Google Chrome, and there is also no redirect here.
I've also tried to make a redirect from https to http which worked in Google Chrome, and yielded a redirection error in Firefox.
My version of Firefox is 38.0.1, and I'm using Windows 8.1. I use the following addons: AddBlock, Avast! and LastPass. Avast! may not be the issue, as I've disabled it while testing.
What I can do about it?
"Sites preferences" are the culprit. Wasted 45min of my life finding how to fix it despite all the kb/support.mozilla tricks which does not solve your issue nor did mine. I don't know what triggers this issue, but several of my websites started to go pear-shaped in a few weeks only affecting me and only firefox.
That's the solution you are all looking for:
Go to Preferences
Privacy
Click 'Clear your history' (nothing will happen yet, click safely)
Once the pop-up appears, click Details.
Untick everything except 'Sites Preferences'
Select 'Everything' in the select box at the top
Click Ok
Try now
PS: What I did try that did not worked for me are:
urlbar.autofill false
Forget Website trick
Safe mode
We all know it is not an HSTS issue when a website you own and you accessed before never got https support but now FF wants you to use https... It is just a firefox bug IMO.
The solution that worked for me:
Go to about:config
Look for network.stricttransportsecurity.preloadlist and set it to false
Enjoy
If the above STILL DOES NOT WORK, try setting browser.fixup.fallback-to-https to false from about:config
Using Firefox 100 or above you may also need:
dom.security.https_first to false
dom.security.https_first_pbm to false (this one is for anonymous windows)
I had the same problem but the answer was that I used a .dev extension to access my local websites !
I cleared all historic data in FF and nothing changed.
Searching for another solution, I found this page https://ma.ttias.be/chrome-force-dev-domains-https-via-preloaded-hsts/
With .dev being an official gTLD, we're most likely better of changing our preferred local development suffix from .dev to something else. If you're looking for a quick "search and replace" alternative for existing setups, consider the .test gTLD, which is a reserved name by IETF for testing (or development) purposes.
I changed my local website extensions from .dev to .test and all work perfectly !
Alternative solution, easy.
Open Firefox and in the address bar type this URL
http://example.com/?fake_parameter_to_bypass_cache
This should force the browser to reload the web page from http://
None of the answers worked for me, the only the one was the one in the comment of Muhammad so thanks in advance to him, I copy the answer here to make it easier:
Go to about:config
Look for browser.fixup.fallback-to-https and set it to false
Check your extensions!
In my case, DuckDuckGo Privacy Essentials extension was causing this redirect. I disabled it, and the problem is solved.
Now (Firefox 84) it is much simpler to clear the site's data. Just click the padlock icon on the left of the address bar. Then choose "Clear cookies and site data".
I had the same situation as what OP did. It helped me to clear the HTTPS redirect.
Here's what worked for me on Firefox v98.0.2:
Settings -> General
Network Settings -> Settings
Uncheck "Enable DNS over HTTPS
I tried the 'correct' answer, plus the comment about including cache in the deletion, and I was still having issues with my problem site.
I opened the firefox profile directory and searched for the website name in all files.
I found it in 'logins-backup.json' and deleted that file to finally fix the problem.
In my case, I decided to use a *.dev domain for local development. But then I tried to open the site in Firefox, and after a while I realized it uses HTTPS, even when I start the url with "http://..." I tried to right-click on the link in the History, and choose Forget About This Site, or clear the cache. But it didn't help.
Later I found out that the dev domain is in HSTS preload list these days. Which means Firefox and Chrome (and probably others) don't let you access the subdomains w/o HTTPS. More on it here and here.
In my case, it was an addon that did it: disabling DuckDuckGo privacy essentials fixed it.
I had this issue when running Firefox with OWASP ZAP proxy.
I didn't knew it was the proxy causing this.
In hindsight it's easy to test this: run Firefox without OWASP ZAP proxy to see if it works.
To get it working with OWASP ZAP, turn off Heads Up Display (HUD) or enable the HUD only for URL's that are in scope.
My problem was caused by the HTTPS by default extension. There is a bug that opens HTTP bookmarks with HTTPS. To work around, open "HTTPS by default" Preferences pane and enter domain name exclusion.
None of these suggestions worked for me in Firefox v101. What worked for me is changing the value of security.tls.version.min from 3 to 1 in about:config.
[NOTE: After I changed this setting, Firefox initially redirected from http to https. But this time Firefox allowed me to "accept the risk and continue," which wasn't possible when security.tls.version.min was set to 3. --end note]
See also: https://support.mozilla.org/en-US/questions/1116550
Lets get back to the old firefox that was amazing, the 3.6.
Nowadays is full of crap for us developers, and sysadmins.
I have tons of sites in intranet that cannot have a valid ssl, this is a major deal. I cannot download "deb" files because its a threat, i cannot this and cannot that... why? I am a power user i know what to do whit, why should I (we) be treated like the rest of the users?
The cache, i cannot disable the cache to 100% why?
In a blip of a second i will be using links as my browser.
Firefox should have a expert mode, where none of this crap happens.
I am mad with firefox and chrome. That is why i still use firefox 3.6 in a lot of cases, to bypass stupid restrictions.
Now, I had this issue on my workstation's development site. I had an old site that I still wanted to reference, and I couldn't get http to work for anything. There was not https binding, either.
Finally, I realized I had a url-rewrite in my webconfig that redirected all http to https...
hahahaha
Disabling https, is not an absolute in Firefox. Some sites will redirect and may not offer http.
However to choose one url over the other if it is an option you can disable autofil:
Address Bar Search In order to change your Firefox Configuration please do the following steps :
In the Location bar, type about:config and press Enter. The about:config "This might void your warranty!" warning page may appear.
Click I'll be careful, I promise! to continue to the about:config page.
In the filter box, type or paste autofill and pause while the list is filtered
Double-click browser.urlbar.autoFill to toggle it from true to false.
Related
I have an unusual problem that I can't wrap my head around and figure what is causing this and how to tackle it.
I've created a webpage that allows image uploads to the server! After the user uplaoded an image the host of the page receives an e-mail with the path to the uploaded image - really straight forward.
In the e-mail for instance a url like this is coming in.
https://www.something.com/uploads/FB_IMG_1525868856883.jpg
I can open that in Safari on Mac, I can open that in some cases in Chrome Incogntio, but it never renders in Internet Explorer or normal Chrome Window (in Incognito it does)
In the image you see something weird happening. In Incognito a different source is rendered than in a normal chrome window. (this is btw. not a caching issue)
you also see the page-title of the actual website resolved in the normal window, but not in incognito.
Why is that happening? What could cause that? is that some server setting? Some react setting I have to set?
I'm posting this in case someone else runs into it as well. I ran into this same issue where 500 kept happening for me and I knew it was not the extensions.
What fixed it for me:
Open Developer Tools in Chrome
Navigate to Applications Tab
Click "Clear Storage
Click Clear Site Data
As Nitish Phanse said, it is because the page is cached. Turning off browser caching will solve it.
I faced a similar problem, when any of the changes in CSS were not being reflected in the webpage, because the cached version was being used by chrome. However, the changes were visible in other browsers and devices. Turning off caching in chrome solved this problem for me.
I prefer to use incognito mode when developing website because when browsing normally the files are cached, thus, not reflecting the changes you made. When you use incognito mode, fresh cache and cookies are stored and the cache and cookies are disposed when you close the incognito window. Another plus point of using incognito mode for testing is that, it disables all the plugins, unless you explicitly enable them.
You might want to check out this question on Quora for further details on why to use incognito mode when developing websites.
Seems like you use quite amount of Chrome plugins. In Incognito-mode those are disabled by default. Try remove/disable AdBlock etc. stuff which blocks scripts and disallow them from running.
Makes quite a lot sense why they run in other browsers too.
I strongly recommend to NOT use plugins when you do web development. You might see different kind of behaviour with same code as user who do not use them. Only use this approach if you especially wan't to develop under certain conditions.
As most people suggest, it definitely sounds like a caching issue. Incognito doesn't load the page with cache. You could ctrl+f5 the page (reload without chache) and see if it still does it. If the caching itself proves to be an issue, you could add a ghost/phantom string (I don't know if that's the actual correct terminology). Basically you add,
<?php echo '?'.date('Y-m-d H:i:s'); ?>
at the end CSS or JavaScript import (whatever may cause the issue). I.e,
<script src="/js/regexps.js<?php echo '?'.date('Y-m-d H:i:s'); ?>" type="text/javascript"></script>
What this does, is that it will prevent people from caching your file, since the name of that file will change by the second. This way, you make sure that if you make changes to files that are often cached, that everyone gets the uncached changes as you update your CSS/JavaScript or whatever. This is very useful for files where you make JavaScript check for instance, in case you make changes to some regex etc.
Malware Search.sidecubes has affected by mozilla firefox
Using google, I uninstalled all programs which could be related to searchcubes, further I deleted all add-on's and also checked regedit, about:config, checked folders in ../users/appdata/local/mozilla etc etc. I managed to get rid of search.sidecubes getting set as homepage.
But now even after selecting google as default search option (including about:config page), whenever I search anything in search toolbar of firefox it always redirects to search.sidecubes instead of Google.
same issue is also happening in google chrome
I'm not sure your question is well suited for SO. Anyway, Mozilla SUMO has a nice support guide about how to deal with malware on Firefox.
Some suggestions extracted from that page:
If you're executing Firefox from a link, make sure the link does not contain any undesired command line option.
Use the SearchReset addon to clean up your default page and reset settings.
Scan using Malwarebytes Anti-malware free.
As brilliant as Firebug is, I would consider switching my JavaScript debugging to Chrome if I could figure out how to get it to always re-download styles and images on every visit to the page?
When I'm testing a page in Firefox, it always gets the latest version.
But in Chrome I often end up scratching my head over something that turns out to be a simple issue of the browser caching some earlier styles or images.
Is there a way to configure Chrome to cache less while you're developing?
I often use private browsing mode for this - it prevents caching of the stylesheets or scripts.
EDIT:
Another really easy way to do this in Chrome now is to go into the Chrome Developer Tools, click the settings gear (bottom right), and then check "Disable cache." See https://stackoverflow.com/a/7000899/4570.
A bit late to the party, but just for people who may pick up this page on a search, new versions of Chrome have a developers tools setting to disable the cache. Show developer tools (spanner->tools->developer tools) and on the bottom right is a tiny little gear. click that and a few settings appear in the developer tools window, one of which is to disable the browser cache. If you can't see it you may have to upgrade to a newer version of chrome.
Ian
According to Chrome help pages, Ctrl+F5, Shift+F5, Ctrl+R and Shift+R should force refresh. I haven't had problems with javascript and css but refreshing frames is another story. The caching can also be on your web server. The server can obviously be configured to cache css and javascript files.
Your best bet is to clear the cache between each load. With the latest version of Chrome, the hotkey is the same as firefox (on Mac, it's Shift-Command-Del). However, they haven't focused the "Clear Browsing Data" button, so you have to use your mouse to click that button -- which is a total PIA when compared to Firefox (Shift-Command-Del + Return), or Safari (Option-Command-E + Return).
the 2.5 ways i do it are not "automatic" but they're very quick, and i don't have to remember to switch back from private browsing -
a) install Mouse Gestures and use (this is a great extension anyways, but even more so now that I know about) Up, Down, Up - this is a cacheless reload. You can get it here
b) ctrl+shift+r is [supposed to be] a cacheless reload. Even the help pages admit this isn't perfect
c) the .5 is a kind of a hack - but if you are working with CSS files, open a new tab and type in the address to the CSS file itself - you can see what changes are there, as well as make sure that you've gotten the latest one by refreshing this file before your other file. a bit of a pain, i know, but always works.
Not sure about your system but on this WinXP machine holding SHIFT while clicking refresh always forces a complete download.
That's what I do when doing CSS and image tweaks.
That Chrome needs to have must-revalidate in the Cache-Control` header in order to re-check files to see if they need to be re-fetched the way that the other browsers do by default.
Recommend the following response header:
Cache-Control: must-validate
This tells Chrome to check with the server, and see if there is a newer file. IF there is a newer file, it will receive it in the response. If not, it will receive a 304 response, and the assurance that the one in the cache is up to date.
If you do NOT set this header, then in the absence of any other setting that invalidates the file, Chrome will never check with the server to see if there is a newer version.
Here is a blog post that discusses the issue further.
I use Selenium to test my website. The website need to access an external catalog to select some items from it. The problem is this catalog is published on another domain with HTTPS protocol. I've searched and read many topics on the internet about Selenium and Cross domain problems, but I still don't find the answer yet. Some topics said that the *iehta browser will overcome this issue, but in fact it could not do that. I also try *iexplore, *iexploreproxy, *firefox, *firefoxproxy as well, but the results are the same. Could you please give me the solution for this problem?
Thanks in advance!
I've used the -trustAllSSLCertificates option with success.
Go to the site first with a normal IE connection, you get the message:
There is a problem with this website's security certificate.
Then:
Click Continue to this website (not recommended).
You'll see there's a red "Certificate Error" box at the top of the browser.
Click that, click "View Cetificates" then "Add" and add the certificate to the "Trusted Root Certification Authorities". There are similar screenshots for this process in the "mogotest" link in the previous answer.
Now run Selenium with the -trustAllSSLCertificates option and you are away.
The *iexplore (HTA mode) and *firefox (chrome mode) launchers will work just fine. *googlechrome will work in the forthcoming 2.0 release. As for the mechanics of making SSL work, the following article may help:
http://mogotest.com/blog/2010/04/13/how-to-accept-self-signed-ssl-certificates-in-selenium
I use Firefox to develop a web site and at the same time to browse the web, read my gmail, etc.
The problem is every now and then I need to delete the cache and or remove the cookies of the web app, but I want to stayed logged in in the other web pages I am visiting.
Do you know a Firefox plugin (or Firefox trick) that can help with this issue?
Preferences → Privacy → remove individual cookies
They are grouped by domain, and you can eliminate all cookies from selected domain with one click.
Update:
Option → Privacy → remove individual cookies
There are two add-ons for FF that every web developer needs and they are Web Developer Toolbar and Firebug, the Firebug extension YSlow comes in very handy too.
Web Developer Toolbar has great cache and cookie control down to individual cookies. Firebug lets you mess with the DOM and CSS directly for a page and YSlow is good for page weight and response times.
Be careful having Firebug enabled for JavaScript heavy sites as they really slow down. GMail will warn you about this and tell you to turn it off. I have had a problem trying to disbable sites with the menus when the tool is embedded in the browser at the bottom but opening it in its own windows the sites menu works fine.
I personnaly also like IE Tab which means I can quickly view a page in IE without leaving FF and I can also get it to load anything that only works in IE with it.
Cookie Monster might work?. Also, have you considered just using two profiles in Firefox? You could setup two profiles with two icons and use one profile for the website and the other for the non-development. The only problem would be you can only have one open at once.
Also, two browsers (Chrome, IE, Firefox, etc) might work well too.
WebDeveloper extension allows to delete cookies for domain. It also can clear cache, although for me Ctrl-F5 is enough usually.
I had the same problem and found a firefox addon to remove the cookies for the current site that you are displaying:
https://addons.mozilla.org/en-US/firefox/addon/remove-cookies-for-site/
Using that I don't have to navigate the firefox menus to find my site in the list (which was too time consuming). This does not cover the cache-issue. For that there is the Ctrl+F5 other people have mentioned. It is covered in good detail here:
What requests do browsers' "F5" and "Ctrl + F5" refreshes generate?
Best solution:
1) Just Click CTRL+H and search the site.
2) right click on it and choose Forget About this site
(source: https://superuser.com/a/733154/249349 )
If you would like to use firefox, clear cache and cookies for one domain and stay logged in (and retain cache) at other sites, you could run a second firefox profile concurrently using the '-no-remote' parameter. I use this all the time to view sites I am building from an anonymous and administrative perspective at the same time.
One way to do this (in windows xp) is: make two profiles, then startmenu->run type 'firefox -profilemanager', untick the 'don't ask next time' box and load profile 1, then startmenu->run type 'firefox -no-remote' and load profile 2. You should now have two seperate firefox profiles running.
Clearing cookies for a single domain is easy with any one of a number of tools. Clearing the cache for a single domain or at the individual page level is sometimes useful, but hasn't turned out so easy for me thus far.
One specific situation is changing a meta redirect, where you can't just ctrl-F5 (you're being redirected, after all). Using a different profile isn't an acceptable general solution. Web Developer toolbar can disable the cache to test that the change is working but it's only a temporary fix, and not one that can readily be suggested to a client in order for them to view the change.
I use SQLite Manager for firefox to remove single sites from cache. All you have to do is open places.sqlite in your user profile folder using this plugin and remove the site. It's not exactly an easy solution but it does work. Make sure you backup your profile 1st!
Ross, I have the perfect answer for you. Get on the current tab that you want cookies cleared. Click tools > Page Info. Or install Page Info Forms & links for a shortcut. Then click the Security Tab. Then View Cookies button. It will bring up all the cookies for the relevant domain. Click the ones you want to delete, and click remove.
Seems we have cookies covered here.
As for cache, the trick is to make your development server force a refresh.
In httpd, you probably have some some cache directives to swap out for these:
Header set Cache-Control "no-cache, must-revalidate"
ExpiresActive On
ExpiresDefault "now"
In header:
<meta http-equiv="cache-control" content="no-cache, no store"/>
The benefit of doing it the httpd way is that your scripts/images/css get refreshed.
In that way you are not restricting yourself to just browser with web developer toolbar, you can use other browsers such as chrome that does not do the no-cache thing so easily.
Another extension that handles the cookie part of the question with a little more ease than the rest is Close'n forget
https://addons.mozilla.org/en-US/firefox/addon/closen-forget
You can use it by toolbar button/context menu/keyboard shortcut in order to close the current page, discarding any cookies it held.
Optionally, the site can be removed from browser history and (again optionally) all the pages you visited in the current page can be removed from browser history too.
Simple solution is simple - use two different browsers.
Say chrome for your email and Firefox for dev.
Also, you have Cookie Swap. but it doesn't really work quite as smoothly as you'd like.