Exceptions for certificate errors/safe browsing errors
73 views
Skip to first unread message
Ing. Mehmet Sen
Nov 25, 2025, 9:59:52 AM11/25/25
to enter...@mozilla.org
Hi!
Prevent overriding certificate errors = Enabled
Prevent overriding safe browsing errors = Enabled
However, some internal pages are inaccessible due to this policy. I've researched this, but unfortunately haven't found a way to add these URLs as exceptions.
Is there a solution for this?
Thanks in advance.
Mike Kaply
Nov 25, 2025, 12:47:47 PM11/25/25
to Ing. Mehmet Sen, enter...@mozilla.org
Can you be more specific as to what you mean?
As in people normally click on the override button to get to these specific pages?
Mike
Thanks in advance.--
You received this message because you are subscribed to the Google Groups "enter...@mozilla.org" group.
To unsubscribe from this group and stop receiving emails from it, send an email to enterprise+...@mozilla.org.
To view this discussion visit https://groups.google.com/a/mozilla.org/d/msgid/enterprise/a18a726c-a1d9-4c58-95a0-42f48f389f59n%40mozilla.org.
Ing. Mehmet Sen
Nov 26, 2025, 1:15:23 AM11/26/25
to enter...@mozilla.org, Mike Kaply, enter...@mozilla.org, Ing. Mehmet Sen
Yes, normally the user can access with the override button.
In our case we blocked it for security reason and the users are not be able to override any site now.
But we have some internal sites (for example network printer configuration via Web) that are not accessable with override button right now.
In Google Chrome for example we are able to configure second policy (SSLErrorOverrideAllowedForOrigins) to give access for a specific domain like "[*.]prod.company".
We need in Firefox a policy or Preferences to give a chance to override sites for the specific domain.
I hope it is now clear enough.
Thanks in advance.
Mike Kaply
Nov 26, 2025, 1:35:30 PM11/26/25
to Ing. Mehmet Sen, enter...@mozilla.org
These overrides are stored in a file called "cert_override.txt" in the users profile. So you can visit the sites you need to override and then distribute that file to your users.
I realize that's not a great answer, but folks have done it in the past.
I agree we should have a policy for this (It's come up before), so I've opened this bug:
https://bugzilla.mozilla.org/show_bug.cgi?id=2002600
https://bugzilla.mozilla.org/show_bug.cgi?id=2002600
for it.
Hopefully we'll get to it soon.
Mike
Paul Kosinski
Dec 29, 2025, 2:43:40 PM12/29/25
to Mike Kaply, enter...@mozilla.org
I run Firefox configured so that it *always* shows the menu bar and the URL/Search bar.
I have noticed that many Web sites create new windows when you click on certain (site-specific) buttons, but the new window does not even have a menu bar (or a URL bar saying what it is).
The makes it impossible to perform certain functions such as printing the page you are looking at, or even knowing where it comes from.
Is there an option (e.g., about:config) to control what new windows must *always* include?
Thanks
I have noticed that many Web sites create new windows when you click on certain (site-specific) buttons, but the new window does not even have a menu bar (or a URL bar saying what it is).
The makes it impossible to perform certain functions such as printing the page you are looking at, or even knowing where it comes from.
Is there an option (e.g., about:config) to control what new windows must *always* include?
Thanks
Mike Kaply
Dec 30, 2025, 10:27:36 AM12/30/25
to Paul Kosinski, enter...@mozilla.org
Can you provide an example?
My recollection is that we should always show a URL bar (albeit not editable).
The menubar, though, is deliberately not shown as those windows aren't normal browser windows.
See windowFeatures here:
Mike
Andrew J. Buehler
Dec 30, 2025, 10:43:57 AM12/30/25
to enter...@mozilla.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On 2025-12-30 at 10:27, 'Mike Kaply' via enter...@mozilla.org wrote:
> Can you provide an example?
>
> My recollection is that we should always show a URL bar (albeit not
> editable).
>
> The menubar, though, is deliberately not shown as those windows
> aren't normal browser windows.
>
> See windowFeatures here:
>
> https://developer.mozilla.org/en-US/docs/Web/API/Window/open
This has always struck me as an undesirable feature, from the user's
perspective.
I can certainly understand why Web developers would want it, especially
ones who are trying not to create a Web page but to build a Web app (on
which subject I will refrain from subjecting you to some much lengthier
and more vitriolic opinions).
- From a user-friendliness perspective, however, it has always seemed to
me that there should be an option to say "I know the Website didn't want
there to be a [URL bar / menu bar / whatever] on this window, but I want
to override that and make it show me one" - both as a global override
preference, and optionally on the fly, on a per-window and even
per-hidden-widget basis.
I've certainly been bitten enough times by *not* being able to do that,
in practice. I've gone looking for ways to apply such an override, and
as far as I recall, not found any sign that there might be any.
Given the position Mozilla has tried to take at various points about
ensuring that the user is in control, I find it at least a bit
surprising that no such capability appears to be offered.
(Having the URL bar shown but not editable would address some of the use
cases I've had for this type of thing, but not all. Again from a
user-control perspective, the idea of presenting a non-editable address
bar seems strange to me; if the user wants to repurpose an
automatically-opened window to navigate somewhere else, there should be
nothing preventing that, any more than there would be with a window the
user opened manually. Similarly, there should be nothing preventing
opening a new tab in such an automatically-opened window, and having it
behave like any other tab. There should be nothing special about a
window opened in response to a Web page's request, except perhaps for
its initial/default state; every browser window should be the same at
its base, just a container that can hold one or more tabs, and with all
the same characteristics - whether hidden or not - of every other
browser window.)
- --
Andrew J. Buehler
-----BEGIN PGP SIGNATURE-----
iQJJBAEBCgAzFiEEJCOqsZEc2qVC44pUBKk1jTQoMmsFAmlT8yoVHHdhbmRlcmVy
QGZhc3RtYWlsLmZtAAoJEASpNY00KDJrKU0P+wcNErpajX5r9sbuU0twBMxSgqYy
sW7fzs9Tc0uARbQtRtsPcaPCp1V4It6eL08VX1OYXp6zU/z6O4nmp4CK2Lfi6D88
HgYs2b7Niw3GZDsCcxYXiWGvYyXfTumLpPt4tyeNbV5RL9RR+LUdqKliMMxcJDpS
h1ZFId1B5MtC1fPJhiHAkLhgbanBdZOwmkyMDSbk/rMoUhRkxarBh/mCVR1xfwOF
El90viSPMYhlQzn9D/V/t+rTyLnK9OLLmzwaDn+koG0KdZg07ckjeFtQHK7fcWYP
VlAx+B0qsQSNZgO5hJrubsHr5TBkAlswXY1ZmumQK5pm6jUCYiT4PqKg/tWfy4lG
LuitXuYA+76gE/LQeL5Tf55Pwaey5dtn1zhbO68i64kGfV8Nb3Ptn4/i9ly4eG1n
SIY9yYK30WnXgRI1dnLWQa04u0g66vu5PRDTeazaUtVz4Uk5GesrPbT64oLEKJdf
fbdMzlijaA1tPYhh/UfW4/7vnfocGlUiBTVbC1n19YuO0moFOPfGO+ubgqsrRds0
YTnRunsWibeboAkXkHJtyhE9CJXEHG1iUZJPVkSOfZN4BadsNQtNMqyR2xsdk2QY
AejURQ4+CMXKKaPDlavsUxChEujpKC9EJvwe0NLn7hgweni3w/G2fNvVXbuAor+n
Cyw1NT5K4z8MssLq
=oJBk
-----END PGP SIGNATURE-----
Hash: SHA512
On 2025-12-30 at 10:27, 'Mike Kaply' via enter...@mozilla.org wrote:
> Can you provide an example?
>
> My recollection is that we should always show a URL bar (albeit not
> editable).
>
> The menubar, though, is deliberately not shown as those windows
> aren't normal browser windows.
>
> See windowFeatures here:
>
> https://developer.mozilla.org/en-US/docs/Web/API/Window/open
perspective.
I can certainly understand why Web developers would want it, especially
ones who are trying not to create a Web page but to build a Web app (on
which subject I will refrain from subjecting you to some much lengthier
and more vitriolic opinions).
- From a user-friendliness perspective, however, it has always seemed to
me that there should be an option to say "I know the Website didn't want
there to be a [URL bar / menu bar / whatever] on this window, but I want
to override that and make it show me one" - both as a global override
preference, and optionally on the fly, on a per-window and even
per-hidden-widget basis.
I've certainly been bitten enough times by *not* being able to do that,
in practice. I've gone looking for ways to apply such an override, and
as far as I recall, not found any sign that there might be any.
Given the position Mozilla has tried to take at various points about
ensuring that the user is in control, I find it at least a bit
surprising that no such capability appears to be offered.
(Having the URL bar shown but not editable would address some of the use
cases I've had for this type of thing, but not all. Again from a
user-control perspective, the idea of presenting a non-editable address
bar seems strange to me; if the user wants to repurpose an
automatically-opened window to navigate somewhere else, there should be
nothing preventing that, any more than there would be with a window the
user opened manually. Similarly, there should be nothing preventing
opening a new tab in such an automatically-opened window, and having it
behave like any other tab. There should be nothing special about a
window opened in response to a Web page's request, except perhaps for
its initial/default state; every browser window should be the same at
its base, just a container that can hold one or more tabs, and with all
the same characteristics - whether hidden or not - of every other
browser window.)
- --
Andrew J. Buehler
-----BEGIN PGP SIGNATURE-----
iQJJBAEBCgAzFiEEJCOqsZEc2qVC44pUBKk1jTQoMmsFAmlT8yoVHHdhbmRlcmVy
QGZhc3RtYWlsLmZtAAoJEASpNY00KDJrKU0P+wcNErpajX5r9sbuU0twBMxSgqYy
sW7fzs9Tc0uARbQtRtsPcaPCp1V4It6eL08VX1OYXp6zU/z6O4nmp4CK2Lfi6D88
HgYs2b7Niw3GZDsCcxYXiWGvYyXfTumLpPt4tyeNbV5RL9RR+LUdqKliMMxcJDpS
h1ZFId1B5MtC1fPJhiHAkLhgbanBdZOwmkyMDSbk/rMoUhRkxarBh/mCVR1xfwOF
El90viSPMYhlQzn9D/V/t+rTyLnK9OLLmzwaDn+koG0KdZg07ckjeFtQHK7fcWYP
VlAx+B0qsQSNZgO5hJrubsHr5TBkAlswXY1ZmumQK5pm6jUCYiT4PqKg/tWfy4lG
LuitXuYA+76gE/LQeL5Tf55Pwaey5dtn1zhbO68i64kGfV8Nb3Ptn4/i9ly4eG1n
SIY9yYK30WnXgRI1dnLWQa04u0g66vu5PRDTeazaUtVz4Uk5GesrPbT64oLEKJdf
fbdMzlijaA1tPYhh/UfW4/7vnfocGlUiBTVbC1n19YuO0moFOPfGO+ubgqsrRds0
YTnRunsWibeboAkXkHJtyhE9CJXEHG1iUZJPVkSOfZN4BadsNQtNMqyR2xsdk2QY
AejURQ4+CMXKKaPDlavsUxChEujpKC9EJvwe0NLn7hgweni3w/G2fNvVXbuAor+n
Cyw1NT5K4z8MssLq
=oJBk
-----END PGP SIGNATURE-----
Mike Kaply
Dec 30, 2025, 10:49:08 AM12/30/25
to Andrew J. Buehler, enter...@mozilla.org
One of the reasons for not showing the menu bar is that a lot of the actions in the menu bar could actually break the popup window (like showing a sidebar or opening a new tab).
The URL bar should show though.
Mike
--
You received this message because you are subscribed to the Google Groups "enter...@mozilla.org" group.
To unsubscribe from this group and stop receiving emails from it, send an email to enterprise+...@mozilla.org.
To view this discussion visit https://groups.google.com/a/mozilla.org/d/msgid/enterprise/6953F336.6080005%40fastmail.fm.
Reply all
Reply to author
Forward
0 new messages