VanguardLH <
V@nguard.LH> wrote:
Edge is presenting the following message before it even attempts to
establish a connection:
comcast.net doesn?t support a secure connection with HTTPS
I'm using Comcast as an example. I load Edge which opens a new tab to about:blank. I enter into the address bar:
comcast.net
Notice I did not specify http:// or https:// for the protocol. The web browser figures that out when it attempts to make a connection.
However, it seems Edge is bitching before it even makes a connection.
It doesn't like when I do not specify the protocol, and it displays a
bogus message. If I add https://, or use a bookmark to the site which
also has https://, Edge doesn't bitch about an insecure connection,
because it started with a URI that specifies the protocol.
After entering comcast.net into the address bar and getting the bogus non-secure warning, I click on "Continue to site". After continuing,
Edge then establishes a connection, and then it realizes the site does
have a valid certificate, and connects using HTTPS.
Many sites have HTTP connections that will redirect to HTTPS, but that
is after the initial HTTP connection. For this "doesn't support a
secure connection" warning, however, Edge has not connected to the site.
It presumes from the URL sans protocol that the site is insecure.
Any way to either stall Edge to wait until it connects to see what type
of connection the site will initiate (whether it starts with HTTP or
HTTPS), or to configure Edge to stop this bogus whining about insecure
sites that haven't had a chance to present a certificate? Don't use
what the user entered. The URI protocol will be required every time to
make a connection, but the web browser without hint from the URL should
try HTTP to see if HTTPS is accepted.
In Edge, there is the "Automatically switch to more secure connections
with Automatic HTTPS". Doesn't matter whether disabled or enabled.
Edge still bitches about an insecure that is secure.
I should not have to add the URI protocol (http:// or https://) when
manually inputting the URL in the address bar. The web browser should
figure that out by first trying HTTPS. If that fails, and the web
browser has to fallback to HTTP, *then* the web browser should warn the connect is insecure.
For those using something other than Edge, like Chrome, or Firefox, and
after you enter just "comcast.net" into the address and hit Enter, do
those web browser also puke out "this site is insecure" warning even
when the site really is secure?
Change OO Shutup to not disable anything in Edge. Still get the
insecure site nag for "comcast.net".
In Edge at edge://settings/privacy/security, what is your selection for:
_ Alerts you about insecure sites (Default)
_ Alerts you about insecure public and private sites
There is no option to turn off the alert, only change the scope it
encompasses. I don't need a big nag screen saying a site is insecure,
and having me click Continue. Just have the lock icon (site
information) at the left end of the address bar change colors (green =
secure, red = insecure), and flash 5 or 10 times when red to grab my
attention, but don't interrupt my surfing. I don't need nor want
handholding, like I'm a tot.
Are you saving cookies between web sessions (i.e., not purging them on
exit from Edge)? I have Edge configured to purge all its locally cached
data on its exit: browsing history, download history, cookies and other
site data, cached images and files, site permissions.
I thought cookies might explain why I get the insecure nag on the first
visit (no cookie yet, especially since I have yet to connect to the site
for it to save a cookie). On subsequent entries of "comcast.net" within
the same web session there is no nag. However, deleting the xfinity.com (Comcast) cookie, I still did not get the insecure nag on reentering comcast.net. Then I purged both cookies and browsing history. Voila,
now entering "comcast.net" reproduced the insecure nag. Then I tested
with just purging browsing history (keeping cookies).
If you keep browsing history, and have previously visited Comcast, Edge
sees that it managed to connect before to a secure site. No nag screen.
If you purge browsing history whether manually or with the purge-on-exit option, you get the insecure nag on entering "comcast.net".
I have Edge (and previously Firefox) purge all their locally cached data
on exit except for passwords (which is no longer a choice for purge
options). Purge-on-exit is not the default setting, and why others may
not get the insecure nag screen. So, yeah, my config of Edge differs
from other users who mostly just accept the defaults.
Unlike cookie purging with an option to exclude some sites (but those exclusions are site preferrences, so they still get deleted if purge
site preference is enabled on purge-on-exit), there is no exclude list
to browsing history purge-on-exit.
For privacy and security reasons, I have my web browsers purge all its
locally cached data on their exit. Browsing history is stored in webcachev01.dat, so forensic tools can interrogate that file to see
where you visited. I'm not paranoid about an intruder mounting my drive
to their computer to look in this file. It's just a privacy setting
that didn't seem to have a negative since I don't rely on browsing
history across web sessions, only within the same web session. It's a
privacy issue, easily enabled, and which I thought would have no impact
on my use of Edge since I don't give a gnat's fart about keeping my
browsing history across web sessions.
I'll have to reconsider if I continue purging browsing history on exit
from Edge to suffer the insecure nag which is presented before Edge even connects to the site to see if secure or not, or keep the history across
web session as a convenience feature that I don't need nor want.
--- PyGate Linux v1.5.2
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)