How can I enable HTTP in Safari settings

I’m familiar. This is the ZTNA client connecting to the Forticloud aka FortiSASE. From the message I get back in Safari, it’s because the Forticlient uses the browser during the SAML process and it’s using port 8020 to call back to the Forticloud Web Content Filtering and the “Not Secure Connection Warning” toggle in Safari is blocking it, not warning on it. Instead of a warning I get “Navigation failed because the request was for an HTTP URL with HTTPS-Only enabled”

If I turn the toggle to off, the connection works. I have a ticket open with Fortinet but it seems like a bug with the function of the toggle setting the browser to HTTPS-Only vs a warning. Idk

It means of course that the website you are trying to access is insecure and not protected in any way from malware, hacking, and remote intrusions. It’s likely very dangerous to try and load that URL.

If you insist go to Safari->Settings->Security and turn off the warnings and try again. Do you by chance have the "HTTPS-Only for Safari” extension installed also? That error message seems to say you do.

See instructions above to disable the warning for "Not Secure Connection" on iOS/iPadOS and "connecting to a website over HTTP" for MacOS. This will then behave like it did before the December update. You'll be just as secure/insecure as you were before.

I would recommend that you don't give up on Safari. It's not a Safari bug, per se. It is Apple trying to help you be more secure, blocking what has always been insecure sites. They shouldn't have been so draconian and instead just displayed a warning.

The best solution in the long term is for the vendors to update their sites to be secure and use HTTPS, and then for you to re-enable the warning in Safari. That's where you can help yourself (and others in your organization) by notifying the vendors.

lkrupp wrote:

It means of course that the website you are trying to access is insecure and not protected in any way from malware, hacking, and remote intrusions. It’s likely very dangerous to try and load that URL.

No, that is not what it means at all. It means that your connection to that website is not encrypted. That is all. On a website that only serves static content that is not personally sensitive, this has no security implications at all, because such as site wouldn't be vulnerable to malware or hacking anyway. But obviously if you are sending password, credit card numbers, any personal data of any kind to the site, then you would want that data encrypted.

Conversely, a site having the most highly-verified SSL certificate ONLY assures you that your connection to it is encrypted. It does not tell you that they don't have an open telnet port giving all and sundry access to their inner mcgubbins.

nassssy wrote:

I have this message when I want to download the contents of the board (jpg) from the interactive whiteboard at my school via QR code. The problem only affects Safari.

Contact the support organization for the whiteboard vendor.

nassssy wrote:

I work in several schools on different boards. The problem affects most of them. Before the system update there was no problem.

It would not surprise me to learn this bug is with the Apple, and the support organization for the app knows the details, or this might be a bug in the scholastic software itself exposed by the Apple update and that now needs a fix.

Or that Apple tightened the certificate requirements as has been happening, whether effecting the app use of certificates, or effecting the certificate vendor.

All are possible.

As are other potential causes.

All involve working with the provider of the app too, as they know their app best, and (being the support path) will have heard about any common issues involving their app.

This detail in particular implies it is the app centrally involved: “Navigation failed because the request was for an HTTP URL with HTTPS-Only enabled". The HSTS policy is usually a website or web service misconfigured, and the Safari update is now detecting a transport-related error that was previously undetected. The website or web service told Safari to use only HTTPS, and then the website didn’t. That’s a “pick one” error.

Or the website downgraded to HTTP, and the previous policy is still being cached.

(The transport policy details are the sort of flaw might have been used elsewhere as part of a security breach too, but we don’t know those details (yet?).)

Or, yeah, it’s an Apple Safari bug.

Again, contact the app vendor.

I'll write more precisely: I work in several schools, which means that the problem occurred in several different boards (exactly: 4 different manufacturers). The problem is on the side of apple developers.

I solved the problem on the iPhone. I had to disable the safari settings "warnings before unsecured connection".

And this is an apple error because a warning warning before an unsecured connection is not the same as blocking an unsecured connection.

There are presently serious security issues (CVE-2024-55591) with Fortinet gear, with active exploits happening.

If that gear is not already patched to current, get there.

https://www.tenable.com/blog/cve-2024-55591-fortinet-authentication-bypass-zero-day-vulnerability-exploited-in-the-wild

If that Fortinet VPN client is possibly downgrading secure connections to insecure connections to scan traffic, that too can lead to connection issues.

Check with whomever is maintaining your Fortinet gear, or with Fortinet support, particularly if this HTTP/HTTPS error is arising only with that VPN active.

I’m having this same issue and have tried everything I can think of to resolve it. My devices (an iPhone 7 Plus iOS 15.8.3 and an iPad 9 iOS 18.2) do not have the extension referenced in your reply. My settings are correct…I’m signed into both with the same Apple ID, both have iMessages enabled in iCloud. Text message forwarding is enabled. I can access my router’s settings on the iPhone but not the iPad. Following is what I’ve done to try and resolve it:

*Reset network settings on both devices.

*Turned both off, then back on.

*Used the iPhone to access my router’s settings and rebooted the router.

*A hard reset on both devices.

*Reset all settings on both devices.

*A text sent from my iPhone to the iPad did did show on the iPad.

*Erased the iPad and restored to from a backup.

*Had someone else send me a test text and it was received on the iPad.

*Toggled iMessage off, then back on on both.

Any ideas as to what the resolution is to this? Thanks in advance!

The error message seems to be in error. Irony. (I got the same error message; I do not have, to my knowledge, any extension named "HTTPS-Only for Safari" installed on my iPad.)

I getting this error while trying to use the Fortinet Forticlient for VPN. It was working prior to this.

I have this message when I want to download the contents of the board (jpg) from the interactive whiteboard at my school via QR code. The problem only affects Safari.

I work in several schools on different boards. The problem affects most of them. Before the system update there was no problem.

The website app developers do appear to have HTTP/HTTPS issues, yes. Scan the app websites, and verify.

I don't have time to communicate with all the companies producing the boards. It's easier to give up safari. :)