This has started happening a while ago (previously there was not perceptible delay) and luckily I don’t have to visit HTTP sites very often but it is annoying and I would like to get rid of it.

I know HTTP is bad TYVM. I only use this HTTPS-only mode to forcibly upgrade to HTTPS whenever possible and be notified if it doesn’t work.

Does anyone know why this is happening and how to disable it?

#Firefox @firefox@lemmy.world

  • MangoPenguin@lemmy.blahaj.zone
    link
    fedilink
    English
    arrow-up
    30
    arrow-down
    1
    ·
    10 months ago

    I wish the invalid SSL cert warning and the password field on HTTP warning could be permanently disabled for all private IP ranges. They are incredibly annoying.

    • Peer
      link
      fedilink
      arrow-up
      8
      arrow-down
      1
      ·
      10 months ago

      That would mean malware can use your local ip and hostfile for mitm attacks.

      • xhduqetz@lemmy.ml
        link
        fedilink
        arrow-up
        12
        ·
        10 months ago

        Isn’t it already game over if malware can write into your hostfile? At least on Windows you need some elevated access for it, which means such malware could just read/write the target program’s memory directly instead of resorting to clunky MitM.

      • MangoPenguin@lemmy.blahaj.zone
        link
        fedilink
        English
        arrow-up
        5
        ·
        10 months ago

        If malware can write my hosts file it’s probably all over anyways, it has admin access and just keylog everything and pull passwords directly from browsers.

        I’m not saying it should be the default, I just want an about:config option to disable them (they used to have one for the insecure password field but it no longer works).

    • max@feddit.nl
      link
      fedilink
      arrow-up
      6
      ·
      10 months ago

      Pretty much the only place where I see them. Let’s hope we can disable it in the future.