Firefox Complains RR Not Secure

Status
Not open for further replies.

MFD4305

Member
Joined
Mar 8, 2004
Messages
374
Location
Ypsilanti, MI
FWIW . . .

I have the same experience with Chrome - it's like one step added to login. I should note that my "problem" began only when I read the initial posts in this thread and changed my RadioReference bookmark to the HTTPS URL.
 

mikewazowski

Forums Manager/Global DB Admin
Staff member
Forums Manager
Joined
Jun 26, 2001
Messages
13,457
Location
Oot and Aboot
I'll let Lindsay know.

Right now I'm using Firefox 52.01 32 and Chrome 56.0.2924.87 as well without any problems.

Code:
 http://forums.radioreference.com
correctly redirects to
Code:
 https://forums.radioreference.com
for me.

The only thing I can suggest is you clear your browsing history and cache.
 

CycleSycho

Member
Joined
Jul 26, 2016
Messages
640
Location
Central South Carolina
The only thing I can suggest is you clear your browsing history and cache.


:confused: Mike, not knowing a thing about Firefox/Chrome, clearing cache in IE is not the source of this problem in IE. IE automatically clears cache every time (settings in tools/internet options/advanced tab/security section, CHECKED BLOCK for 'Empty Temp.. Internet Files...') I close the last IE window, and I clear IE manually after disconnecting my internet connection (shortcut on command bar titled 'Delete browsing history' within IE-11 page). Today, I again get the same error (solving temporarily by just clicking the 'Forum' tab again after the error page loads). Don't have an answer why, it is above my pay grade. Know that it should not be doing it, that's for sure. :confused:
 

Ronaldski

MI DB Admin
Database Admin
Joined
Aug 23, 2005
Messages
2,973
Location
Bay City MI
A couple items I have seen that might help to track down the issues?

Related to the forums as mentioned in #63 and maybe elsewhere, noticed the login problem happened the same time as this issue showed up. I havent seen the redirect issues at all.

I'm running windows 10 using all the latest chrome, edge browsers on my laptop and desktop, the username at the very top of the page is cleared out completely. No login or logout option, 'mobile' or 'help' options even show, just the blue background where that wording normally is.
In turn the items related to that login are not accessible at the time. To access them and get my login back I have to get out of viewing a forum thread.

Yesterday my mouse scroll wheel would not work on RR but worked fine on any other web site, this happened on chrome and edge browsers - although seems to be that has happened before.
 

QDP2012

Member
Joined
Feb 8, 2012
Messages
1,921
Error seems to be on RR's end with the redirect

Same as Mike; I'm using Chrome and IE without any problems. I suspect that there's a problem with the individual's machine/setup.

I think it is on RR's end, because, even though I use FF and still get this error in FF, I just tried it with IE so it would compare with your results.

Using IE, I just tried going directly to the https-link for "Today's posts"
Code:
https://forums.radioreference.com/search.php?do=getdaily
while not logged-in, and then entering my credentials at that point, and its redirect failed, giving me the
"vBulletin Message: Invalid Redirect URL (
Code:
http://forums.radioreference.com/search.php?searchid=11474183
)"​
.
Please notice that the redirect is still attempting to go from the secured link to the unsecured link.

From the error message, if I click the "Back button" to get to the previous screen, and then refresh that screen, it shows that I am logged in.

After that, I logged-out, deleted all browsing history, cleared caches, closed IE, etc., and tried again, with same results.

In my opinion, the problem is not on the user's end, since everything was working fine before the "recent" changes on RR's-end, as mentioned earlier in this thread.

Hope this helps,
 

CycleSycho

Member
Joined
Jul 26, 2016
Messages
640
Location
Central South Carolina
Same as Mike; I'm using Chrome and IE without any problems. I suspect that there's a problem with the individual's machine/setup.

:eek: Although I can appreciate the fact your not having this problem, those of us that are having this problem suspect your post may only confused the issue with the many who have fully functional systems that ARE having this issue. If you aren't having this problem, what exactly did you do to 'go around' the problem (if applicable)? I can state with 100% accuracy, IE-11 with all updates and no prior issues (on all three of my windows 7 systems also with ALL security updates) IS having this redirect error issue. When I click on the 'Forum' link in the 'unsecure' RR webpage the forum pages shows up. When I enter the login information (almost top right as posted on the page) it then DOES reply with the error page. IF entering user/login, and it does not 'connect' to the forum then something is amis with the sequence after entering valid credentials AND actual access to the secure forum pages. I NEVER had a log-in issue B4, seems to me something IS wrong with something outside the members end of this transaction. :eek:
 

MFD4305

Member
Joined
Mar 8, 2004
Messages
374
Location
Ypsilanti, MI
FWIW 2 . . .

Entering my Username / PW for The Forums redirects me once again. If some changes were made in the past 24 hours, they were related to my problem, at least. BTW - I did not intend for my first post on this topic to be perceived as a complaint: I was merely offering what I hoped was input to solving the issue. Having to enter one more 'click' was not a big deal from my perspective in view of the value this site provides!
 

CycleSycho

Member
Joined
Jul 26, 2016
Messages
640
Location
Central South Carolina
:D Weeeeeee, back to no error message/page. Thank you for fixing the problem! It worked yesterday BUT I was not sure it was just me forgetting rehitting the forum button, or having it fixed. Today (just now) logged in and it worked fine (IE-11, Win7 Ult, all updated). Good to see the improvement, as in back to normal. :D
 

QDP2012

Member
Joined
Feb 8, 2012
Messages
1,921
In case it matters, I just got the invalid-redirect again, with both FF and IE. I was not logged in, and was viewing a thread using the secured https link. I then logged-in to post a comment, and got the invalid-redirect message again, which showed it tried to redirect to the unsecured http link, like before.

Code:
Invalid Redirect URL (http://forums.radioreference.com/system-wide-administration/349581-firefox-complains-rr-not-secure-4.html)

Thanks,
 
Last edited:

iMONITOR

Silent Key
Premium Subscriber
Joined
Sep 20, 2006
Messages
11,156
Location
S.E. Michigan
It appears the redirect problem has been resolved for me. Running Windows 10 Professional, 64-bit, and Firefox 52.0.2 64-bit.

Thank you! :)
 

QDP2012

Member
Joined
Feb 8, 2012
Messages
1,921
Still getting the same error as mentioned earlier (trying to redirect from https to http), on multiple computers, Win7, either FF or IE.
 

QDP2012

Member
Joined
Feb 8, 2012
Messages
1,921
Updating firefox to the latest version has so far always fixed any such issues with security certificates.

So update your browser.

Thanks, but as indicated in previous posts, (1) the problem is not limited to FF, but also occurs with other browsers; (2) the error message is not a certificate-error; (3) the error occurs when a secure page attempts to redirect to a non-secure page, which it should not be doing. (If the site-visitor is starting at a secured page, then the site should redirect to a secured page. If the site-visitor is starting at a non-secured page, then the site should redirect to a non-secured page.)

Thanks,
 

QDP2012

Member
Joined
Feb 8, 2012
Messages
1,921
While logged-out, navigating to a specific thread-page using the secured https link, and then logging-in, does correctly redirect back to that same page with the secured link now, instead of giving the previously mentioned redirect error.

Thank you very much for fixing that.



But, here are some other issues that might be related...
  • While logged-out, clicking on the secure "Today's posts" link navigates to that page successfully.

    From that secure "Today's posts" page, logging-in now gives the error message "Sorry - no matches. Please try some different terms." , instead of correctly returning to the previous "Today's Posts" results page as it used to do. (It no longer gives the "redirect failed" error as described in previous posts.)

    After logging in, clicking on the "Today's Posts" link after logging-in does go to that page successfully.


  • Also, while logged in and looking at my "Profile > About Me" page, clicking on the Join Social Groups link, produces an error page that indicates "This page is not redirecting properly."


Thanks,
 

QDP2012

Member
Joined
Feb 8, 2012
Messages
1,921
While logged-out, navigating to a specific thread-page using the secured https link, and then logging-in, does correctly redirect back to that same page with the secured link now, instead of giving the previously mentioned redirect error.

It seems that the redirect error is back. While logged-out, I navigated to the Wiki to be deleted thread, and logged-in to make a post, and received the "invalid redirect error" which showed the the insecure "http:" URL.

Thanks,
 

Dude111

An Awesome Dude
Joined
Aug 8, 2009
Messages
446
I think if someone comes to this site on the HTTP side,the site should STAY in an http session while they are here......

All this does is cause connection problems with older browsers and there is NO REASON for this!!!!! -- Nothing on this site needs HTTPS!!! -- Firefox is trying to scare people FOR NO REASON!!!!!

Nothing going on that wasnt happening 5 years ago.............. This is all for control and to try and scare people!!

cellar.org (Also VBB) has it setup right... If you goto http://cellar.org the site WILL STAY in an HTTP session....If you goto HTTPS://cellar.org it will stay HTTPS.......

Firefox has caused alot of problems FOR NO REASON and I just thought I would come out and say this.....

This site for the most part does not stay http,ya have to change it back....... ITS SAD THAT PEOPLE ARE SO BLINDLY LEAD DOWN A CONTROL PATH.........
 

iMONITOR

Silent Key
Premium Subscriber
Joined
Sep 20, 2006
Messages
11,156
Location
S.E. Michigan
Why HTTPS Matters


By Kayce Basques
Technical Writer at Google

You should always protect all of your websites with HTTPS, even if they don’t handle sensitive communications. Aside from providing critical security and data integrity for both your websites and your users' personal information, HTTPS is a requirement for many new browser features, particularly those required for progressive web apps.
TL;DR

Intruders both malignant and benign exploit every unprotected resource between your websites and users.
Many intruders look at aggregate behaviors to identify your users.
HTTPS doesn't just block misuse of your website. It's also a requirement for many cutting-edge features and an enabling technology for app-like capabilities such as service workers.

HTTPS protects the integrity of your website

HTTPS helps prevent intruders from tampering with the communications between your websites and your users’ browsers. Intruders include intentionally malicious attackers, and legitimate but intrusive companies, such as ISPs or hotels that inject ads into pages.

Intruders exploit unprotected communications to trick your users into giving up sensitive information or installing malware, or to insert their own advertisements into your resources. For example, some third parties inject advertisements into websites that potentially break user experiences and create security vulnerabilities.

Intruders exploit every unprotected resource that travels between your websites and your users. Images, cookies, scripts, HTML … they’re all exploitable. Intrusions can occur at any point in the network, including a user’s machine, a Wi-Fi hotspot, or a compromised ISP, just to name a few.
HTTPS protects the privacy and security of your users

HTTPS prevents intruders from being able to passively listen to communications between your websites and your users.

One common misconception about HTTPS is that the only websites that need HTTPS are those that handle sensitive communications. Every unprotected HTTP request can potentially reveal information about the behaviors and identities of your users. Although a single visit to one of your unprotected websites may seem benign, some intruders look at the aggregate browsing activities of your users to make inferences about their behaviors and intentions, and to de-anonymize their identities. For example, employees might inadvertently disclose sensitive health conditions to their employers just by reading unprotected medical articles.
HTTPS is the future of the web

Powerful, new web platform features, such as taking pictures or recording audio with getUserMedia(), enabling offline app experiences with service workers, or building progressive web apps, require explicit permission from the user before executing. Many older APIs are also being updated to require permission to execute, such as the geolocation API. HTTPS is a key component to the permission workflows for both these new features and updated APIs.

(Source):
https://developers.google.com/web/fu...nsit/why-https
 

iMONITOR

Silent Key
Premium Subscriber
Joined
Sep 20, 2006
Messages
11,156
Location
S.E. Michigan
I think if someone comes to this site on the HTTP side,the site should STAY in an http session while they are here......

All this does is cause connection problems with older browsers and there is NO REASON for this!!!!! -- Nothing on this site needs HTTPS!!! -- Firefox is trying to scare people FOR NO REASON!!!!!

Nothing going on that wasnt happening 5 years ago.............. This is all for control and to try and scare people!!

cellar.org (Also VBB) has it setup right... If you goto The Cellar: the original neighborhood coffee shop, with no coffee and no shop the site WILL STAY in an HTTP session....If you goto HTTPS://cellar.org it will stay HTTPS.......

Firefox has caused alot of problems FOR NO REASON and I just thought I would come out and say this.....

This site for the most part does not stay http,ya have to change it back....... ITS SAD THAT PEOPLE ARE SO BLINDLY LEAD DOWN A CONTROL PATH.........


Insecure password warning in Firefox

https://support.mozilla.org/en-US/kb/insecure-password-warning-firefox


Note for developers

https://developer.mozilla.org/en-US/docs/Web/Security/Insecure_passwords
 

Dude111

An Awesome Dude
Joined
Aug 8, 2009
Messages
446
Well thats what Im trying to say... DONT LISTEN TO THIER SCARE TACTICS!!!!

Websites have always been the same...... All this BS the last year or so is just to try and scare people off of older stuff to NEWER stuff where hey can be more easily spied on!!! (I do firmly believe it)

I hope the staff doesnt think my content is too rough. Another site I posted this on deleted my reply saying it was TOO POLITICAL... They were not mad @ me,they just deleted my reply.....

There is one company that thier SSL certs work for all browsers.. Its called NO BROWSER LEFT BEHIND....

http://blog.cloudflare.com/sha-1-deprecation-no-browser-left-behind (This works for most browsers -- davidicke.com/forum is using it)


Im not trying to make anyone mad here,I just want you guys to USE YOUR OWN MINDS,dont let people run your life!!!! -- When you listen to this BS and act on it W/O ANY PROOF OF ANYTHING,you are doing just that!!!!!


Dont we all have a GOD GIVEN mind for a reason??????? -- Why willingly walk right into thier hands??
 
Status
Not open for further replies.
Top