Solved ASUS router page is "forced" to HTTPS and won't load
-
@Pathduck said in ASUS router page is "forced" to HTTPS and won't load:
Where does this list exist? I tried searching for the string asus.com in the Vivaldi files, didn't come up with anything meaningful, so I'm guessing these are some kind of hashes (or certificates/keys)?
The actual commit is
https://chromium.googlesource.com/chromium/src/+/0f9886ccfad2e03ef049cf76738eb47b8885426e
And it updates the file net/http/transport_security_state_static.json in the Chromium source.
Developer and Security Expert at Vivaldi.
-
@Pathduck said in ASUS router page is "forced" to HTTPS and won't load:
Looks like they've even made an explicit exclude to asus.com...
One of my guesses is that some kind of hardcoded exception will be the "solution", the surgical one would to just exclude the specific hostnames.
-
Ppafflick marked this topic as a question on -
Ppafflick has marked this topic as solved on
-
@yngve Good to know, that Chromium devs fix this and Vivaldi will get a fix later
-
This issue seems fixed, now the http://192.168.1.1 page redirects to http://router.asus.com.
But now a new bug appeared... I think? This was an issue in some older builds, but I barely remember it. Now the passwords can no longer be automatically entered on the page, nor is Vivaldi offering to remember them. So I have to type it manually or copy/paste each time I want to open the router. -
@t0yz Hi - it's not a bug. Vivaldi (or rather Chromium) no longer auto-fills or offers to save passwords on "insecure" pages. There is no option or flag to allow it. IMO another dumbing down of browsers to make regular users "feel safe" so they can continue their online shopping spree of cheap crap from China.
A workaround is adding the password yourself in:
chrome://settings/passwords
Make sure you specify the full URL with scheme -http://router.asus.com/- otherwise it uses https.It still won't auto-fill it but you can click inside the field or use down arrow key to fill.
Another workaround is of course to activate TLS/SSL on the router and adding the self-signed cert to your OS truststore, which is what I've done. Most newer routers offer TLS and a self-signed cert valid for a long time (mine expires in 2028, after that I'm screwed).
🎻Volunteer helper · Forum moderator · Sopranos tester 🛠️Troubleshooting 🐛Report a bug 📜Markdown help
🦆"With a rubber duck, one's never alone" -Douglas Adams🦆 -
@Pathduck No, we've been through this before. It worked fine until last week or so, so I assume it's the last 1-2 snapshots. I'll have to test with stable or older builds when I have more time just to make sure.
This bug happened before, but going through my post history is annoying as hell.
Edit:
Found the old post
https://forum.vivaldi.net/topic/69781/it-s-friday-vivaldi-browser-snapshot-2514-11/39?_=1665874933040
It was a bug. -
@t0yz Well, it works for me, in latest Stable and latest Snapshot.
Video: https://ttm.sh/q-K.mp4
🎻Volunteer helper · Forum moderator · Sopranos tester 🛠️Troubleshooting 🐛Report a bug 📜Markdown help
🦆"With a rubber duck, one's never alone" -Douglas Adams🦆 -
@Pathduck thanks for taking the time to test it, I am starting to suspect something with VPN and split tunneling, Vivaldi's excluded. I have no idea what's broken and where, will have to test more at home.
edit: fixed it by manually removing passwords and then adding manually again like you did in the video, now autofill works again. Have no idea what I broken.
But the VPN did broke something. If I keep the VPN up, the 192.X address will work, but the redirect to asus.router.com will not get solved by the DNS, even though Vivaldi is excluded from the VPN (allegedly) and LAN and IPv6 traffic is supposed to pass. I suck at VPNs and networking so I guess I'll leave it like that. -
Just add this cookie not_show_https_redirect = 1 if you know how to use the dev console & it forces http ..Https is pathetically slow on asus routers before 2021
-
Perhaps this unofficial setting of a internal flag can help.
-
@DoctorG Sorry, but that flag won't help with the Asus router HTTPS issue, it is not relevant, because Asus did it to their own users by setting a HTTP Strict Transport Security (HSTS) flag for their entire domain when visiting one of normal sites including the router name.
They originally did that by adding their domain to the pre-shipped list used by Chromium and others. That entry got deleted when the router problem became noticeable.
Later, Asus added the flag to their web servers, which is actually good security practice, but it does "brick" the routers. It is very easy to brick parts of a domain by mistake if unencrypted servers are used (for whatever reason).
The best way to avoid the problem is to access the router using a Guest Windows, which would never have visited the Asus web servers.
