WARNING New Firefox feature WILL break SQRL


PHolder

Firefox recently implemented (and even promoted) a new feature for HTTPS Only mode. This feature stupidly applies to localhost connections, which will break the SQRL client connection.

@Steve should probably mention this on the podcast. Other people should report feedback to Firefox to let them know they're applying "security" to a connection which is already secure. They need to fix it or allow an exception checkbox, or something. (In Firefox, under help, there is an option to send feedback.)

Here's an infographic if you need one:


2020Nov21_DeadSQRL.png
 

shanedk

Bug #1220810 is supposed to fix this. It hardcodes localhost to the loopback addresses. In the process, it makes localhost addresses Secure Context so it won't enforce HTTPS-Only on them. Apparently, there's still a bug with *.localhost subdomains, but that shouldn't affect SQRL.
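
The localhost exemption described in the post above, as an added example that is not part of the original thread and is not Firefox's code: it decides whether an `http://` URL would be upgraded by an HTTPS-only policy or left alone because its host is loopback, following the W3C Secure Contexts definition of loopback hosts. The function names and the sample URLs (including the port) are constructed for illustration.

```javascript
// Added illustration, not Firefox source. Names and sample URLs are constructed.

// True when the host is a loopback name or address:
// "localhost", "*.localhost", 127.0.0.0/8 or [::1].
function isLoopbackHost(hostname) {
  const host = hostname.toLowerCase().replace(/\.$/, ""); // ignore trailing root dot
  // Assumption: *.localhost is treated like localhost, as the Secure Contexts
  // spec allows when the browser resolves those names to loopback itself.
  if (host === "localhost" || host.endsWith(".localhost")) return true;
  if (host === "[::1]") return true; // URL.hostname keeps the IPv6 brackets
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (m === null) return false;
  const octets = m.slice(1).map(Number);
  return octets.every((o) => o <= 255) && octets[0] === 127;
}

// What an HTTPS-only policy with a loopback exemption does with a URL.
function httpsOnlyDecision(rawUrl) {
  const url = new URL(rawUrl);
  if (url.protocol === "https:") return "already-secure";
  if (url.protocol !== "http:") return "not-applicable";
  return isLoopbackHost(url.hostname) ? "exempt-loopback" : "upgrade-to-https";
}

// Constructed sample URLs: a local client listener and some look-alikes.
const samples = [
  "http://localhost:25519/",
  "http://127.0.0.1:25519/",
  "http://[::1]:25519/",
  "http://app.localhost/",
  "http://localhost.example.com/", // not loopback: "localhost" is only a label
  "http://127.0.0.1.example.com/", // not loopback: ordinary DNS name
  "http://example.com/",
];
for (const s of samples) {
  console.log(s.padEnd(34), httpsOnlyDecision(s));
}
```

The two look-alike hosts are the cases worth checking in any such exemption: matching on a prefix or substring instead of the whole host would exempt attacker-controlled names.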
 

PHolder

Thanks for the info @shanedk. Here's hoping they actually do manage to get it fixed. I am fast losing faith in Mozilla to do anything like the right thing any more. :cautious:
 

Russell

When I first set up SQRL I had the same problem using EFF's HTTPS Everywhere. I ended up having to tell HTTPS Everywhere to ignore this site in order for SQRL to do its thing.