V 6.7 | Forces HTTPS
-
Update 6.7.3329.17 forces HTTPS:
Hi,
after the said update Vivaldi started forcing HTTPS: again. This time I cannot convince it to allow for HTTP:
Help appreciated!
Jure
--
ModEdit: Title
-
@jure
Hi, it depends what you want to reach, there is a flag:
vivaldi://flags/#unsafely-treat-insecure-origin-as-secure
You can add a list of URL's or IP's can use HTTP, for example.Cheers, mib
-
-
@jure I do not know if where this happens.
What was typed in address field? -
@jure I think this happens in your case only if no scheme (the http://) was typed at start of address field, right?
-
@mib2berlin: Flags did not help, unfortunately.
@DoctorG: this is the address: http://wolverine.si/hp1000se/indexDesktop.php
It is my weather station home page and when browser forces HTTPS: then random blocks on the page will not load for some reason. Just spinning globe symbols. It's random and we never could figure out the cause for that.
HTTP: works, though. I tried all kinds of things setting up the page, there are no redirects and such...Thank you for trying to help!
-
@jure Really strange.
Vivaldi 6.7.3329.17 (has Chromium core 124.0.6367.90) forces HTTPS.
Whereas Chromium 124.0.6367.79 does not. And Edge 124 does not.For me looks lik a bug in Vivaldi 6.7 as if have in Settings → Address Bar → Security Feataure → Always use SSL set to off.
-
Disabling the flag for
https-first
used to work, but is no longer in Chromium 124.I'd agree this is a bug in Vivaldi - it should work like users expect - like other browsers. However I'm not sure @yngve agrees on this point... this has been up for discussion on the forum several times. It's just Vivaldi's url field works differently apparently.
-
@Pathduck Any bug report on this?
-
@Pathduck Reaklly broken in Vivaldi, if i use http://myserver , (myserver is a local IP and hostname of web server) it is not redirected to https://myserver - as desired by me.
-
@Pathduck said in V 6.7 | Forces HTTPS:
https-first used to work, but is no longer in Chromium 124
Or do you mean, "It doesn't Work"
? -
-
@Pathduck said in V 6.7 | Forces HTTPS:
will just be closed as "Won't Fix"
And yes, that's what i fear, too.
-
@Pathduck said in V 6.7 | Forces HTTPS:
chrome://flags/#https-upgrades
No longer exists in Chromium 124.Reappears only if vivaldi://flags/#temporary-unexpire-flags-m122 is set to Enabled.
But as such is unexpire flag is experimental, it is not really a longterm workaround. Why not long-term? Because Chromium devs can remove it completely in a next core version. -
@jure
As a webdev, programmer ans server admin i do not understand why users run a websites with and without SSL, but have broken mixed content in the SSL driven pages.
Very old content with http://-links and then after years added SSL for the domain? Broken web content generator? Broken CMS? -
@jure Can get it working!
the Temperatura graph in pane shows up if i use Private Window and select or switch in dropdown between Temperatura and others.I had no detected why this happens.
//EDIT at 18:10 CEST:
Really crazy, works all if i start Vivaldi Stable in cmd.exe command line without Vivaldi UI and a clean profile (making no settings or adding extensions!) with this command
start vivaldi --disable-vivaldi --user-data-dir="%TEMP%\TEST123"
OK, i will report that to internal bug tracker and ping QA and internal tester team.
VB-105961 "Active Vivaldi UI breaks loading of page" - Confirmed
-
Seems Vivaldi only does not allow to load the content, because it uses HTTPS first. Differs from Chromium 124 and Edge 124. Sad.
I do not know if Vivaldi devs want to fix their security feature. As @Pathduck mentioned, my report could become "Won't Fix" -
@DoctorG The reason for the difference is that Chrome and Edge uses the Chromium Omnibox address-bar, which has hardcoded logic that adds specific flags into calls starting the page load; that is either difficult or impossible without extensive hackery of the Vivaldi JS address-bar.
IMO (one might probably say IMNSHO) if the server have both HTTP on port 80 and HTTPS on port 443 configured, then one should make the server on 443 the primary one (and redirect there from 80). The "problem" only occurs if one mixes the two, and expect to get to port 80. You will get to port 80 iff there is no open port 443.
-
@yngve said in V 6.7 | Forces HTTPS:
IMO (one might probably say IMNSHO) if the server have both HTTP on port 80 and HTTPS on port 443 configured, then one should make the server on 443 the primary one (and redirect there from 80). The "problem" only occurs if one mixes the two, and expect to get to port 80. You will get to port 80 iff there is no open port 443.
This is not a valid assumption. Webservers can serve both http sites and https sites. Just because a webserver has port 443 open does not mean that particular site is configured for or even capable of https. Further, closing port 443 on the webserver would break any site that does use https.
-
@BunxBun Of course, some server admins want to be difficult, and thus make difficulties for themselves (and their users).
My point is that in normal 80&443 deployments everything on port 80 should be mirrored by port 443; in fact, in most cases the only thing on 80 is a configuration to redirect everybody to 443.