https-only mode and https-only exceptions

[miharix]

Hi,

Sorry for stupid question....

Where in this GPO can I find

force https-only mode
and
website exceptions for https-only mode

Since today (FF 125.0.1) we have problem that
if website that is http (not https) and has a link for download (any file) it wont download because it report's as security issue.
The solution is if I manually add the (internal)website as exception under https-only mode exceptions.

[TheSin-]

you are looking for

Set dom.block_download_insecure to False

I'm here for the same reason but it doesn't seem to have a GPO, you can fix it by changing that option in about:config, but that's a localized fix.

[jonesiscoding]

I believe that that you can enable or disable both dom.block_download_insecure and dom.security.https_only within the preferences.

Currently, there does not seem to be a way to add a list of exceptions for either.

[TheSin-]

you can I figured it out yesterday using this. Just need to remove the older Preferences and use the json version and it works. I only did dom.block_download_insecure

[miharix]

So this need to be a request for repo of the browser directly ? Where exactly ?

When I saw this problem it reminded me,
that it would be about time to push our company to https only and allow only centrally whitelisted http sites.

I like the idea of mozila pushing forward implementation of https, but not first enabling simple deplorable exceptions is not nice.

[tracktor-git]

you can I figured it out yesterday using this. Just need to remove the older Preferences and use the json version and it works. I only did dom.block_download_insecure

Hi TheSin-
How can I do this with GPO? Can you wrote an example or make a screenshot of this setting in GPO? I tried but there was no any effect :( Maybe I use wrong format for the setting...

[miharix]

I created Bug https://bugzilla.mozilla.org/show_bug.cgi?id=1892658

@tracktor-git

User Configuration -> Administrative templates -> Mozilla -> Firefox -> Policy -> Preferences

{
	"dom.block_download_insecure": {
	"Value": false,
	"Status": "locked"
	}
}

[tracktor-git]

@miharix thanks a lot! I used wrong JSON format...

[technomancer-101]

So this need to be a request for repo of the browser directly ? Where exactly ?

When I saw this problem it reminded me, that it would be about time to push our company to https only and allow only centrally whitelisted http sites.

I like the idea of mozila pushing forward implementation of https, but not first enabling simple deplorable exceptions is not nice.

I agree, I think Mozilla needs to create a whitelist option as an alternative to the "all or nothing" approach. While we could in theory setup SSL for all of our intranet sites, it's a lot of overhead for services that really wouldn't benefit from the traffic encryption.

Unfortunately I'm also unsure how to go about this. I suppose https://connect.mozilla.org/ would be the best bet, and then we can all upvote it there.

[mkaply]

I'm working on the whitelist now.

[mkaply]

https://bugzilla.mozilla.org/show_bug.cgi?id=1888548

[technomancer-101]

Thank you very much, that will be hugely beneficial.