Where did you install Firefox from? Help Mozilla uncover 3rd party websites that offer problematic Firefox installation by taking part in our campaign. There will be swag, and you'll be featured in our blog if you manage to report at least 10 valid reports!

Avatar for Username

Vyhľadajte odpoveď

Vyhnite sa podvodom s podporou. Nikdy vás nebudeme žiadať, aby ste zavolali alebo poslali SMS na telefónne číslo alebo zdieľali osobné informácie. Nahláste prosím podozrivú aktivitu použitím voľby “Nahlásiť zneužitie”.

Learn More

Táto téma bola archivovaná. Ak potrebujete pomôcť, založte prosím novú otázku.

Firefox 96 mixed http/https content issues

SisyphusOnRollerSkates
SisyphusOnRollerSkates
more options

I manage a website that uses https for logging in or other sensitive data but uses http for non-sensitive data. Beginning with Firefox 96, users who login using https can navigate to any https page on the site using their logged in credentials, but do not have their login credentials when they navigate to http pages. It appears the cookies generated on https pages are not accessible from http pages using the latest version.

Is this a bug in Firefox 96 or a feature?

Bug or not, I understand the obvious advice would be to use https for the entire site. But our site uses a 3rd party app that does not work using https. The second obvious advice would be to get rid of or fix the app so we can use https for the entire site, which will have to happen at some point. But for the meantime, is there a setting in Firefox that will allow users to login to a mixed https/http site using Firefox 96 or are users going to have to use another browser?

I manage a website that uses https for logging in or other sensitive data but uses http for non-sensitive data. Beginning with Firefox 96, users who login using https can navigate to any https page on the site using their logged in credentials, but do not have their login credentials when they navigate to http pages. It appears the cookies generated on https pages are not accessible from http pages using the latest version. Is this a bug in Firefox 96 or a feature? Bug or not, I understand the obvious advice would be to use https for the entire site. But our site uses a 3rd party app that does not work using https. The second obvious advice would be to get rid of or fix the app so we can use https for the entire site, which will have to happen at some point. But for the meantime, is there a setting in Firefox that will allow users to login to a mixed https/http site using Firefox 96 or are users going to have to use another browser?

Vybrané riešenie

Hi, there was an important change related to cookies and http/https in Firefox 96. See:

https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Releases/96#http

How quickly can you transition to 100% HTTPS?

Čítať túto odpoveď v kontexte 👍 0

Všetky odpovede (2)

jscher2000 - Support Volunteer
jscher2000 - Support Volunteer
  • Top 10 Contributor
more options

Vybrané riešenie

Hi, there was an important change related to cookies and http/https in Firefox 96. See:

https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Releases/96#http

How quickly can you transition to 100% HTTPS?

SisyphusOnRollerSkates
SisyphusOnRollerSkates Autor otázky
more options

Thank you for your response! This definitely explains what we're experiencing.

Transitioning will be a project with the 3rd party app so it will take some time. But I'll read over the literature you provided and see what I can do to fix the cookie issue.

Thanks again!