Talk about code development, features, specific bugs, enhancements, patches, and similar things.
Forum rules Please keep everything here strictly on-topic.
This board is meant for Pale Moon source code development related subjects only like code snippets, patches, specific bugs, git, the repositories, etc.
This is not for tech support! Please do not post tech support questions in the "Development" board!
Please make sure not to use this board for support questions. Please post issues with specific websites, extensions, etc. in the relevant boards for those topics.
Please keep things on-topic as this forum will be used for reference for Pale Moon development. Expect topics that aren't relevant as such to be moved or deleted.
Unread postby Internet Pathfinder » 2021-01-08, 21:56
About a month or two ago, Pale Moon suddenly stopped loading http links. If you click on a http link, or type one into the address bar, the green progress bar briefly shows up at halfway and then instantly "completes" without any change occurring. To actually load the link, you have to open it in a new tab (which will put the URL into the address bar of an about:blank page), manually add the s to the end of http, then hit enter and it will load as expected.
You get the same issue if you type a web address into the bar - If you skip the https:// part, it won't load the page, but will load the page if you manually type it in.
OS: Linux Mint 20.0
Pale Moon version: 28.17.0 (I might or might not have updated PM since I started having this problem)
About a month or two ago, Pale Moon suddenly stopped loading http links.
Do you have a reason why you didn't provide any http links you're having problems with?
Linux Mint 21.3 (Virginia) Xfce w/ Linux Pale Moon, Linux Waterfox, Linux SeaLion, Linux Firefox
MX Linux 23.2 (Libretto) Xfce w/ Linux Pale Moon, Linux Waterfox, Linux SeaLion, Linux Firefox
Linux Debian 12.5 (Bookworm) Xfce w/ Linux Pale Moon, Linux Waterfox, Linux SeaLion, Linux Firefox
Would probably also help if you check the developer tools -> browser console and see if there are any errors thrown there when you observe this behavior.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
Would probably also help if you check the developer tools -> browser console and see if there are any errors thrown there when you observe this behavior.
I restarted Pale Moon and pulled up one of the several dev consoles (Control-Shift-J/Tools->Web Developer->Browser Console seemed to be the closest fit), and I got nothing from attempting to connect to Amazon. There were a few messages I got on startup, but I don't know how important or unimportant they are.
SyntaxError: missing ] after element list[Learn More]
ssl-observatory.js:314:41
While creating services from category 'profile-after-change', could not create service for entry 'SSLObservatory', contract ID '@eff.org/ssl-observatory;1'
SyntaxError: redeclaration of let HTTPSEverywhere
ruleset-tests.js:1:1
<anonymous> chrome://https-everywhere/content/ruleset-tests.js:1:1
unreachable code after return statement[Learn More]
cysCommons.js:763:12
DEPRECATION WARNING: This path to Console.jsm is deprecated. Please use Cu.import("resource://gre/modules/Console.jsm") to load this module.
You may find more details about this deprecation at: https://bugzil.la/912121
Callstack:
resource://gre/modules/devtools/Console.jsm 19 null
chrome://completeyoutubesaver/content/cysCommons.js 22 null
Deprecated.jsm:85
warning resource://gre/modules/Deprecated.jsm:85:5
<anonymous> resource://gre/modules/devtools/Console.jsm:19:3
<anonymous> chrome://completeyoutubesaver/content/cysCommons.js:22:5
NS_ERROR_XPC_GS_RETURNED_FAILURE: Component returned failure code: 0x80570016 (NS_ERROR_XPC_GS_RETURNED_FAILURE) [nsIJSCID.getService]
https-everywhere.js:598
The Web Console logging API (console.log, console.info, console.warn, console.error) has been disabled by a script on this page.
About a month or two ago, Pale Moon suddenly stopped loading http links.
Do you have a reason why you didn't provide any http links you're having problems with?
Because AFAICT it's literally every web page sent over HTTP without SSL/TLS. Type amazon.com into the address bar, and Amazon won't load. If you instead type https://www.amazon.com the page will load just fine. www.amazon.com is also broken, but https://amazon.com will helpfully prepend the www. and load the page. Every URL I bookmarked from before I started using HTTPS Everywhere (that was several years ago) has suddenly become nonfunctional until I change the http to https. If I find an http:// link on the internet and try to use it, it doesn't work unless I copy the link into the address bar and manually add the s.
file:// URLs seem to load just fine, but I've only tried 2 pages.
I decided to test images by embedding one in a locally-stored HTML document (the image is http://images-na.ssl-images-amazon.com/ ... 37547_.png), and it loads with and without the s at the end of http. Strangely, copying and pasting this image's URL into the address bar with the http prefix does what I expect - It attempts a secure connection, establishes one, and loads the image.
That's what I initially typed, because I finally noticed the common thread a few days ago, and thought I had solved the mystery on why a good chunk of the the time PM wasn't working even though Firefox (56.0) was. However, I decided to do a little more testing to have a more complete reply, and discovered that it's not as black and white as I initially thought.
A non-exhaustive list of nonfunctional websites without https, but work with the https prefix:
No issues here but it does look like you have unmaintained Firefox extensions in your profile. Try disabling those and see if the issue persists. Also, please post the output of help -> troubleshooting information... in your reply (use the copy as text button) so we have an overview of configuration changes and extensions installed in your profile.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
It might not be related, but some sites have started incorrectly handling the HTTP to HTTPS redirection, probably because the usual browsers have started marking plain HTTP as dangerous and the webmasters did a half-assed job at becoming compatible.
Just throwing this hypothesis on the table.
Your hypothesis is poorly supported. That would only be the case if the default protocol in browsers has actually changed to be https instead of http (which to the best of my knowledge isn't the case).
As for why the broken redirection might be less noticed, I guess that would be primarily due to the https/hsts preload list which would prevent browsers employing it from ever even trying an http connection on such domains.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
I'm not sure I understand. What exactly should we be considering?
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
It's worth considering that the websites could have a misconfiguration somewhere.
I do agree that it's a stretch (and the provided list of nonfunction sites actually works on my end), but that doesn't mean that the OP or whoever wants to help him/her could not try to get in touch with the webmasters about this possibility.
Ah I see. Well in this case I do think we need to rule out client-side issues first.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
Busted HTTPSEverywhere could be a, no, THE problem.
That was it... Sort of. It's not HTTPS Everywhere exactly, it's a Pale Moon fork called Encrypted Web. I could have sworn I installed it from palemoon.org, but I can't seem to find it there now, and the Homepage link in about:addons is just the link to the EFF's HTTPS Everywhere, not the PM fork. I can enable every other addon I use and http://amazon.com redirects to https and loads, but when only Encrypted Web is enabled, http-prefix Amazon won't load.
Interestingly, while Amazon has special rules in Encrypted Web's preferences, Awkward Zombie doesn't.
Note to above: I had to upgrade (clean install) to Mint 20.1 today because an update broke my video HW acceleration. I haven't yet reapplied all my modifications, which included installing both older and newer versions of OpenSSL and disabling IPv6 in as many ways as possible. I did all my testing/troubleshooting for this post in my new install of Mint 20.1.
It's not HTTPS Everywhere exactly, it's a Pale Moon fork called Encrypted Web. I could have sworn I installed it from palemoon.org, but I can't seem to find it there now
It was abandoned by it's maintainer and eventually taken down.
There is another, currently maintained fork though: HTTPS Always
It's not HTTPS Everywhere exactly, it's a Pale Moon fork called Encrypted Web. I could have sworn I installed it from palemoon.org, but I can't seem to find it there now
It was abandoned by it's maintainer and eventually taken down.
There is another, currently maintained fork though: HTTPS Always
Thanks so much! It doesn't seem to work with as many sites as Encrypted Web used to, but it's definitely a more functional experience than Encrypted Web now.
Do keep in mind that trying to force https while not indicated by the server is a crutch at best and can break many things. It's like wanting to use the stage entrance to get into the theater: it might work, and it might get you into the normal space for the audience, but you may also end up getting lost in a prop room or elsewhere the theater's staff didn't expect you to end up in because you're supposed to use the normal entrance, no matter if others might see that you're going to the theater.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
Unread postby New Tobin Paradigm » 2021-01-10, 10:50
Encrypted Web died a sudden death when squarefractal.. Whom I am convinced was just a rebranded access2godzilla (the original person who created pminstaller and the first linux builds) vanished one day for no tangible reason. However, his disgraced former brand slithered away like a coward when proven to not be all that and a bag of chips. See: The Serpent Saga for that.
Do keep in mind that trying to force https while not indicated by the server is a crutch at best and can break many things.
For sure something to keep in mind, but I've personally being doing that for about three years (maybe more) and have had very few problems in the last two, and almost none in the last one.
The web is effectively almost entirely on https as of now.
Of course you need to always be aware of the thing and be able to recognize the possible problems, it's better to have some knowledge of the matter but at this stage it's probably manageable by any user, if he remembers to try to disable the addon/setting whenever he encounters problems.
It is a sensible thing security-wise, if you consider tls secure enough and care about security.