V 6.6 | Vivaldi forcing HTTPS
-
Vivaldi not using http site
I want to see pages on http://regex.info but Vivaldi insists on giving me the https:// version which is not the same. Latest version on Debian 12/x64. And yes, "Always Use Secure Connection" is off, double-checked.
What gives?
(This is not the first time this has happened so I am now looking for a solution.)
--
ModEdit: Title -
Hi,
--
Please,
On each report add:
- Vivaldi Version: |
- Since when happens: |
- OS / Version / DE
|
--
Lastest Chromium version forced that.
Try, if not already, from
chrome://settings
Then, search at Flags for HTTPS and disable them.Flags
vivaldi://flags--
Also,
Some useful links:
ForumsCommunity 
Official Tutorials Official Help Forum Categories Modding Vivaldi Vivaldi Features Vivaldi Help Forum Markdown Panels • 
EnginesVivaldi Tutorials Issues 
Feature Requests ¿? Menus • Guides • FAQ Vivaldi How To Bug Reports
--
Avoid
Data loss
Follow the Backup | Reset links below
Vivaldi Backup | Reset + Extra Steps
-
@vt4711 Please see https://forum.vivaldi.net/post/733381
My advise: Put everything on a HTTPS server if you have that possibility.
In fact, while it may not be of interest to you, there has been talk about search engines reducing the search rating of unencrypted content.
-
@yngve I think the site makes a very good point:
"a browser feature that automatically assumes that all HTTP servers have an identical HTTPS server is making some very big, and in this case, wrong, assumptions."
Far as TCP is concerned, 80 and 443 are different services and could serve completely different content (like this site).
And now we have stupid stuff like the browser trying to guess what the user wants based on their browsing habits ...
chrome://flags/#https-first-mode-v2-for-engaged-sites
chrome://flags/#https-first-mode-for-typically-secure-users@vt4711 For now, unfortunately the only way around this is to set the flag:
chrome://flags/#https-upgrades
To Disabled.🎻Volunteer helper · Forum moderator · Sopranos tester 🛠️Troubleshooting 🐛Report a bug 📜Markdown help
🦆"With a rubber duck, one's never alone" -Douglas Adams🦆 -
@Pathduck Maybe, but the main question will always be: Is the "correct" content on the unsecure or the secure server?
And, since most regular sites with a HTTPS server (and a valid certificate) in addition to the legacy HTTP port immediately perform a HTTP redirect to the HTTPS server, it is a very high probability (one can discuss whether it is 80ish%, 90ish% or >99%) that going direct to the HTTPS port is the most secure and correct option. Going first to the HTTP port risk being redirect ed to a fake site by a MITM, and for regular sites this paranoid view makes security sense.
-
@Pathduck said in Vivaldi not using http site:
Far as TCP is concerned, 80 and 443 are different services and could serve completely different content (like this site).
Not everything that's technically correct is a good point, though. Sure, you can deliver totally different content on port 443 than on port 80. Hey, you don't even need to care about which ports are colloquially used for what protocol. You can have your HTTPS on port 80, your HTTP on port 70, Gopher on port 443, ... and while you're at it, have some mail servers on random ports that each accept emails for a different subset of your users. As far as TCP is concerned, there's nothing wrong with that.
But realistically there's no reason to do it like that. Just use standard ports, and use subdomains for serving different content. Like, the rest of the world.
-
Sigh. I suspected this query would descend into the (for me not at all relevant) question of whether the webmaster of the site in question should have separate versions of their site on http vs https. All I want as a user is seeing the content of their HTTP site and not of the HTTPS site. And @yngve : I am not the site owner so I can't change the setup. And I very much doubt that the owner, in this case, is even remotely interested in doing that.
I have no problem that Vivaldi, even when given an http site, at first tries to locate the page on the https site. What I do have a problem with is that Vivaldi, after I manually delete the "s" in the URL, still insists on giving me the https pages although "Always Use Secure Connection" is off (much like Google search, Vivaldi seems to know better what I really want). Why does this option exist if it's ignored anyway?
And a big thank you to @Pathduck for actual listening and providing a workaround. Problem solved, for the time being.
-
@vt4711 said in Vivaldi not using http site:
What I do have a problem with is that Vivaldi, after I manually delete the "s" in the URL, still insists on giving me the https pages although "Always Use Secure Connection" is off
It is actually ignored by Chromium, when the HTTPS-first Chromium feature is enabled (which is the default, and which is performing the automatic redirect to HTTPS when there is a valid HTTPS server on the site). My guess is that the whole preference will be removed relatively soon because it never did work all that well.
-
This Chromium stuff sounds, sorry to say, like a cop out. Clearly, Vivaldi can show the http page once I change the setting @Pathduck mentioned. So, if Vivaldi can in principle show the right page, why can't it do so if the user manually has edited the URL? For instance by temporarily, just for this site, switch on that flag, at least if "Always Use Secure Connection" is off?
-
I have to agree with you @vt4711, Vivaldi should show the http page once the user manually edited the URL. I ended up disabling the chrome flag but I am surely unhappy with this workaround.
-
@Pathduck Thank you very much.
