Solved Websites reporting not Secure but it is
-
@rltidd57 Probably an extension or an obsolete cookie. Did you try to disable them to see if it works?
-
-
@mib2berlin removing cookes and emptying cache did not help. I guess I will run thru my extensions. Thanks
-
Turned off all my extensions, restarted vivaldi, same result.
-
@rltidd57
Hm, sometimes disable an extension in not enough, you have to remove it.
Or your profile is broken, if it bother you to much you can reset it.
If you use sync it is not much work but manually it need some work:Cheers, mib
EDIT: You can create a new profile for testing but I guess it will show the same as a private window.
https://help.vivaldi.com/desktop/tools/user-profiles/ -
I get the same behavior at my smartphone, which has an adblocker VPN installed (Blokada). probably you have a similar extension at your everyday profile
-
It's some kind of site misconfiguration (HSTS?) caused by the "Always use secure connection" setting.
I get the exact same in Chrome, Chromium, Opera, Brave if the setting is enabled. Firefox and Edge seems to handle it for some reason. Probably @yngve would have some idea. But one just cannot expect browsers to handle badly configured web sites.
-
@rltidd57 You are accessing the HTTP URL directly, not the HTTPS URL (I recommend checking your bookmarks and typed URL), and you have probably enabled the "Always use Secure Connection (HTTPS)" in the Address bar preferences. That error will always be displayed if you go directly to the HTTP URL.
-
@yngve But shouldn't the browser if "Always use secure" is enabled detect the site is running HTTPS and connect to it without the warning? The site has a valid cert and testing with curl throws up nothing special, it just does a redirect to HTTPS:
$ curl -IX GET http://www.4logowearables.com/ HTTP/1.1 301 Moved Permanently Date: Sat, 04 Feb 2023 23:31:54 GMT Transfer-Encoding: chunked Connection: keep-alive Cache-Control: max-age=3600 Expires: Sun, 05 Feb 2023 00:31:54 GMT Location: https://www.4logowearables.com/ Server: cloudflare CF-RAY: 794733db6fc2b4fa-OSL $ curl -IX GET https://www.4logowearables.com/ HTTP/2 200 date: Sat, 04 Feb 2023 23:32:02 GMT content-type: text/html last-modified: Thu, 19 May 2016 03:51:50 GMT accept-ranges: bytes cf-cache-status: DYNAMIC server: cloudflare cf-ray: 7947340d4d4eb523-OSLIt would just be interesting to know what goes on here, and why Edge/Firefox works differently. "Always use secure" is still an experiment in Edge (has to enable the flag for testing), and in Firefox it's called "HTTPS-Only Mode" and both seems to handle it.
I suspect some weird TLS/SSL handshake server misconfig.
-
Actually, it looks like it is the site that is causing this. Even when going direct to HTTPS, it redirects to HTTP, then back to HTTPS.
The reason is this, in the HTML of the secure front page:
<meta http-equiv="refresh" content="0; url=http://www.4logowearables.com/cgi-bin/hw/hwb/chw-pseudoHome.w?hwCVD=alpgenericWebsite" />Developer and Security Expert at Vivaldi.
-
-
@yngve I put the s in http in the saved bookmark and it loads fine now. Thanks so very much. Any other sites that this happens with me, I will check the bookmark.
Have a GREAT day! -
@rltidd57 I get the same error message. I think its something in Vivaldi developer panel.
-
Ppafflick marked this topic as a question on -
Ppafflick has marked this topic as solved on
-
Ppafflick moved this topic from Vivaldi for Windows on
-
@yngve said in Websites reporting not Secure but it is:
Actually, it looks like it is the site that is causing this. Even when going direct to HTTPS, it redirects to HTTP, then back to HTTPS
OK, you are saying that the Google Maps website is designed wrong and it is Vivaldi that is white and innocent and designed correctly? Ridiculous.
Google Maps is happily used by millions of users worldwide on all browsers and only Vivaldi causes that problem, and you are trying to say opposite, giving some ungrounded fluff about <meta> tag.OS version: Win 11 23H2 build 22631.4169
Vivaldi version: 6.9.3447.48 (Stable channel) (64-bit) -
@astero yes, the redirect for
http://maps.google.comis actually designed badly by- redirecting to the insecure
http://maps.google.com/mapsbefore doing a - proper HTTPS redirect to
https://www.google.com:443/maps.
When disabling HTTPS enforcement in the browser settings, it might trigger on the initial improper/insecure user input and/or intermediate redirect.
- redirecting to the insecure
-
@astero I never saw this issue with 6.9.3447.48 Win 11 23H2.
Typing
maps.google.comin address field is fetchinghttp://maps.google.comand redirect with HTTP Status 302 without any issues tohttps://maps.google.com
Checked with Developer Tools → Network log.
Usually is a redirect with status code 301, so the double redirect with status 302 is weird and a misconfiguration fo Google servers.
-
@becm said in Websites reporting not Secure but it is:
When disabling HTTPS enforcement in the browser settings
Where is such in Vivaldi Settings? The setting to Always Use HTTPS is disabled as standard.
-
@astero Given that
maps.google.comdoes support HTTPS, my first (paranoid) thought about this case is some kind of network interception device (e.g. a proxy intended to read all traffic) that try to force all traffic to HTTP, although a captive Wifi portal might be a possibility (they may also close secure connections if you are not yet authenticated).However, considering that you provide no information about how you started to load this page, your network situation, and apparently haven't tried the trouble shooting steps, especially the Guest Profile step, I can't say anything about what happened here.
-
@yngve said in Websites reporting not Secure but it is:
although a captive Wifi portal might be a possibility (they may also close secure connections if you are not yet authenticated)
Nope, I am on my home wifi, no captive portals are involved here.
@DoctorG said in Websites reporting not Secure but it is:
I never saw this issue with 6.9.3447.48 Win 11 23H2.
it happens not always, but intermittently. When I type the Google Maps address manually now, it goes fine. I must to note that I type all urls manually.
@becm said in Websites reporting not Secure but it is:
yes, the redirect for http://maps.google.com is actually designed badly
obviously it is more a bad design of Vivaldi than maps.google.com. Why I've never seen such redirects along with such creepy error screens on other browsers? A rhetoric question.
