How to fix missing "I Understand the Risks" section / "Add Exception..." button

Unread post by CrouZ » 2021-05-06, 08:03

Problem:
Certificate/security issue with a site makes you reach the "This Connection is Untrusted" page, but you cannot proceed to the site because the "I Understand the Risks" section that contains the "Add Exception..." button is missing.
Related threads:
viewtopic.php?f=29&t=10466&p=72660&hili ... on+missing
viewtopic.php?f=3&t=3437&p=19710&hilit= ... on+missing

Solutions:
Alternative 1 (small effort, some side effects). Clear all site connectivity data.
Steps:
1. Press Ctrl+Shift+Del
2. Time range to clear: "Everything"
3. Check "Site Connectivity Data"
4. Press "Clear Now"
5. Reload the site

Alternative 2 (medium effort, no side effects). Remove site specific connectivity data.
Steps:
1. Close Pale Moon
2. Open SiteSecurityServiceState.txt in your Pale Moon profile.
3. Remove the line related to the page you're having trouble with.
4. Start Pale Moon again

Unread post by vannilla » 2021-05-06, 08:08

Real solution: contact the site administrators and tell them their site is not secure.

Unread post by Moonchild » 2021-05-06, 08:52

It's not a fix, it's a workaround.
Website owners need to understand that if they send an HSTS header they are making a solid promise that their site security is in order and will be in order for at least as long as they make the promise for (HSTS is a long duration commitment).
If they can't make that commitment then they have no business sending HSTS headers!

The browser is rightfully denying you the option to make exceptions because it would be breaking a promise. Users likewise need to understand that they should never do what is outlined in the opening post, and instead do what vannilla posted (i.e. contact the website owners). You are purposefully breaking a security mechanism that is in place to protect you.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

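Added example (not part of the thread, and not Pale Moon code): a site-owner check that follows from the post above. It parses a Strict-Transport-Security value per RFC 6797 and reports how long the HSTS promise outlives the current certificate; the function names, header value and dates are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone


def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797, section 6.1).

    Returns (max_age_seconds, include_subdomains); raises ValueError if invalid.
    """
    seen = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # the grammar allows empty directives
        name, _, val = part.partition("=")
        name, val = name.strip().lower(), val.strip()  # names are case-insensitive
        if len(val) >= 2 and val[0] == '"' and val[-1] == '"':
            val = val[1:-1]  # max-age may be sent as a quoted-string
        if name in seen:
            raise ValueError(f"duplicate directive: {name}")
        seen[name] = val
    max_age = seen.get("max-age", "")
    if not (max_age.isascii() and max_age.isdigit()):
        raise ValueError("max-age missing or not a non-negative integer")
    return int(max_age), "includesubdomains" in seen


def audit_commitment(header, cert_not_after, now):
    """Compare the HSTS promise with the certificate expiry.

    A browser that receives the header at `now` enforces HTTPS, with no
    exception possible, until now + max-age. If the certificate expires
    earlier and is not renewed, visitors are locked out for the remainder.
    """
    max_age, subdomains = parse_hsts(header)
    promise_ends = now + timedelta(seconds=max_age)
    gap = promise_ends - cert_not_after
    return {
        "promise_ends": promise_ends,
        "include_subdomains": subdomains,
        "outlives_cert_by_days": max(gap.days, 0),
        "needs_renewal_plan": max_age > 0 and promise_ends > cert_not_after,
    }


if __name__ == "__main__":
    # Constructed sample values, not taken from any real site.
    now = datetime(2020, 6, 1, tzinfo=timezone.utc)
    not_after = datetime(2020, 9, 1, tzinfo=timezone.utc)
    print(audit_commitment("max-age=31536000; includeSubDomains", not_after, now))
```
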

Unread post by Baloo » 2021-05-08, 17:04

Yeah, don't maneuver around safety protocols that are there for a reason.

Unread post by gepus » 2021-05-08, 20:45

@CrouZ

Bringing the button back for wwww.fazerfoodco.se - do it at your own risk.
browser.xul.error_pages.expert_bad_cert = true

In case you add an exception, do it at least in a private window so the exception won't be saved.

Unread post by jobbautista9 » 2021-05-09, 07:33

gepus, please don't encourage bad security practices, even if you include a "do it at your own risk" warning. Moonchild has already said why it's a very bad idea to bypass HSTS.

Unread post by Moonchild » 2021-05-09, 09:33

gepus wrote (2021-05-08, 20:45):
browser.xul.error_pages.expert_bad_cert = true

If you're not a security expert and know exactly what you are doing and all the implications of it, you should not change that preference. Hint is in the name.

Unread post by Lunokhod » 2021-05-09, 20:20

https://www.top-rated.online/cities/Lan ... ang+Hermes
Here the website address is given as http, not https. But trying to go to it results in the s getting added and the error. In Firefox it says the certificate expired in 2020 and lets you choose to proceed with a button, and then it doesn't take you there at all but redirects to here:
https://www.foodandco.se/
and you can get to that without any error message at all from Pale Moon, so the actual site you are trying to get to is secure and up to date, so it appears it's only a redirect from an old address that's failing in the example?
Wait, it's all Ohio? Always has been...

Unread post by Lunokhod » 2021-05-10, 01:57

Reading more about this I see why this is like this now, because the browser can't know where the site redirects to in advance. Although it is possible to get free SSL certificates from places like Let's Encrypt, for businesses who employ 3rd parties to provide their website this may not be an option, so it's a problem with the system in general that a redirect from an old domain needs a valid SSL for as long as it exists.
I did find this workaround to get the redirect address from the site without visiting it though, this SSL / security test:
https://www.ssllabs.com/ssltest/
(which I'm sure Moonchild showed me something on here before) and amongst the results from the (lengthy) tests it runs is the redirect!
HTTP forwarding https://foodandco.se
And then I found this site which tests only redirects and gives a very fast answer:
https://www.redirect-checker.org/index.php
So that could be useful (although you would then have to try and determine if the redirect was safe to visit if you got this for real.)