Safari inserts an "s" after "http" giving site not found errors for standard http sites. Safari does this on my iMac, Powerbook, and iPad. The workaround is to manually delete the offending "s" in the address bar, which is extremely aggravating. Is there a way to stop Safari from doing this, or do I need to switch to Firefox?
[Re-Titled by Moderator]
MacBook Pro (M1, 2020)
Hey there! Oh, that automatic "http" to "https" switch in Safari is super annoying, especially for sites that only work without the "s". Here are a few fixes:
[Edited by Moderator]
Hey there! Oh, that automatic "http" to "https" switch in Safari is super annoying, especially for sites that only work without the "s". Here are a few fixes:
[Edited by Moderator]
HogeyeBill wrote:
When you write, "It is now expected that all websites should be secured and using the https protocol to encrypt the communication", what you really mean is that webmasters have to pay some firm for a certificate.
Absolutely! They must also pay to host the site and provide DNS services along with the time/money to create the site. I would never recommend anyone use an unsecured website, especially if they are planning on providing any personal/financial information or even to create an account. Thankfully Safari users in its default configuration don't have to worry about constantly checking if the site is secured or if they happened to be redirected to an unsecured site.
With that said, there may be a way to force Safari to go to a http site especially since there is an option at Safari > Settings > Security to warn you when visiting an unsecured website, You may be able to delete the file at ~/Library/Cookies/HSTS.plist, but I have no idea if that would work for you.
That is why for your post of if you should use Firefox to avoid having to delete the "s", I said YES. That is the easiest solution for you when you find it aggravating as you mentioned in your original post and you have the need to frequently visit unsecured websites.
Check out Let's Encrypt for free SSL Certificates:
https://letsencrypt.org/about/
The information is actually provided by the Mozilla/Firefox blog seen here along with the benefits of https:
There is no such thing as a "standard http" site. It is now expected that all websites should be secured and using the https protocol to encrypt the communication. If accessing unsecured websites is part of your normal workflow, then personally I would recommend using Firefox if that will achieve what you want. Here is a similar post:
Want to View "Not Secure" Websites on Saf… - Apple Community
When you write, "It is now expected that all websites should be secured and using the https protocol to encrypt the communication", what you really mean is that webmasters have to pay some firm for a certificate. What a scam! Do I have to do that for every domain I use? And what's with the passive voice? Who expects all websites to pay for security certificates. Firms selling them?
In short, from my web page publishing perspective, it seems that I am being forced to pay yearly security certificate fees for every domain I host, and Safari is aiding and abetting this ripoff by disabling my http web pages.
"It is now expected that all websites ... have to pay some firm for a certificate."
"Absolutely! They must also pay to host the site ..."
I already have a web hosting service. I'm concerned that some unknown asswipes (you didn't say who) are suddenly trying to make me pay for "security certificates" that I don't want or need.
I already tried deleting the HSTS using the Developer menu item "clear caches". It sometimes works temporarily. Also I have tried eliminating the web info via the Security/Privacy settings. Again, I get sporadic results and it soon resumes censoring my http pages.
Thanks for the https://letsencrypt.org/about/ tip. If I can register for free without giving them passwords, I will do that. I'll check them out and get back to you.
HogeyeBill wrote:
Thanks for the https://letsencrypt.org/about/ tip. If I can register for free without giving them passwords, I will do that. I'll check them out and get back to you.
Please do. I don't know any browser that will not at least display a warning to the user that the site they want to go to go to is not secure. Depending on the browser the warning may say something like "Warning, Potential Security Risk Ahead", or explain to the user that any information provided may be compromised. That is not exactly what you would want a user to see when they are going to your website.
I am all for not having to pay for the SSL certificate and hopefully that will work for you. From a user perspective, having an Https site is expected. For a website designer you wants users to come to their site and spends the money and time in developing and hosting the site, you just don't want users to see a warning that your website is dangerous and that is what they will see no matter what browser they use, without the SSL certificate.
How can I prevent Safari from automatically adding 's' after 'http' for standard websites?
