Vivaldi uses HTTPS even when that Setting Not Selected
-
Even if I type http://www.google.com in the address bar, Vivaldi always loads https://www.google.com. (Yes, I have the "Always Use Secure Connection (HTTPS)" setting in Settings/Address Bar deselected.)
That's fine for google.com. But it breaks some of my personal websites that are built with Ember, and the first Ember page comes back as https://myPage.html, when myPage.html wants to load other chunks of code that are called with just http://. Vivaldi throws an error since those chunks are seen as insecure.
The problem seems to be with Vivaldi. Both Firefox and Opera do not force http://myPage.html to https. Is there a solution in Vivaldi that I am missing?
-
-
-
google.com is configured by a HTTP Strict Transport Security flag to always open as HTTPS. That flag is hardcoded in Chromium based applications. You can see these configurations in vivaldi://net-internals/#hsts
-
Domains can set that flag themselves when visiting one of their sites, either for the individual site, or for the entire domain, for a specified length of time. The latter can cause problems if a web site certificate expires and is not renewed (effectively bricking the site), or some hosts in the domain have to be accessible to HTTP (as users of Asus routers have discovered).
-
The current default policy in Chromium and Vivaldi for a HTTP URL is that a test is performed to see if a site has an active port and a valid (or accepted certificate) on the HTTPS port (443). The main difference between Vivaldi and other Chromium-based browsers regarding this is that the other browsers used the Chromium Omnibox addressbar, which configures an exception for URLs that was entered with a "http://" prefix. Vivaldi does not have that logic, since we are not using the omnibox.
-