| Both sides previous revisionPrevious revisionNext revision | Previous revisionLast revisionBoth sides next revision |
| kb:addon_could_not_be_downloaded [2015/01/27 22:00] – dstillman | kb:addon_could_not_be_downloaded [2017/11/12 19:53] – external edit 127.0.0.1 |
|---|
| === "The add-on could not be downloaded because of a connection failure on www.zotero.org." === | <html><p id="zotero-5-update-warning" style="color: red; font-weight: bold">We’re |
| | in the process of updating the documentation for |
| | <a href="https://www.zotero.org/blog/zotero-5-0">Zotero 5.0</a>. Some documentation |
| | may be outdated in the meantime. Thanks for your understanding.</p></html> |
| |
| If you receive the above error when attempting to install the Zotero Firefox extension, something on your system or network is likely intercepting secure (HTTPS) connections to zotero.org. To determine whether your connection is being intercepted, check the [[site certificate info]]. | |
| |
| == Quick Fix == | === "The add-on could not be downloaded because of a connection failure on www.zotero.org." === |
| | |
| If the site certificate information points to security software on your system (Bitdefender, Avast), disable the SSL/TLS/HTTPS scanning feature of that software. The exact name of the feature will vary. Consult the software's documentation for help. | |
| | |
| == More Details == | |
| | |
| To ensure the security and privacy of its users, Zotero requires all connections to be made over HTTPS, which ensures that you're connecting directly to a remote website and that your connection is encrypted. However, software installed on your system, or your network administrator, can override the security protections of HTTPS, essentially masquerading as any website. Some security software does this in an attempt to provide additional security: it intercepts HTTPS connections, scans the contents itself, and then reencrypts the data and sends it to the original website in a new connection. While the makers of such software would argue that they're protecting you with this feature by searching for malware served over HTTPS, this behavior breaks a fundamental security feature built into web browsers. You can think of it as someone going through all your postal mail, reading every letter, and warning you if they find any junk mail: while what they're doing is potentially useful, they really have no business snooping around in your mail. (And in some cases, antivirus vendors have even [[http://www.howtogeek.com/199829/avast-antivirus-was-spying-on-you-with-adware-until-this-week/|stuck their own ads into the envelopes]] before resealing them.) | |
| | |
| While such behavior is usually undetectable without manually inspecting certificate information, Firefox provides additional protections when installing add-ons and rejects installation attempts from connections that aren't truly secure, resulting in the above message. To fix this, disable the SSL/TLS/HTTPS scanning feature in the security software and try the installation again. While you could then reenable the scanning feature, doing so would prevent automatic updates to Zotero and other Firefox add-ons, so you may run into compatibility issues or bugs later that have already been fixed. | |
| | |
| If the certificate information identifies your institution as the intercepting party, you'll need to speak to your network administrator and request that they stop intercepting your secure connections to websites, though it may be a condition of your use of the network. | |
| | |
| As a workaround to fixing your network connection, you can save the Zotero for Firefox XPI file to disk and then drag it into Firefox, but you won't receive future updates automatically. | |
| |
| To force Firefox to download add-ons and add-on updates over intercepted connections, enter "about:config" in the Firefox address bar, right-click on the list of settings that appears, select New -> Boolean, enter "extensions.install.requireBuiltInCerts" for the property name, and choose "true" for the value. Repeat this for "extensions.update.requireBuiltInCerts". Be aware that there will no longer be a guarantee that you are receiving legitimate versions of Zotero and other add-ons unless you return to about:config and disable those preferences. | This message previously could appear when attempting to download Zotero Firefox extensions on systems or networks that intercepted secure (HTTPS) connections to zotero.org. We've since put a workaround in place that allows installations to take place over such connections. |
| |
| {{tag>kb basics}} | Automatic updates will continue not to work over such connections, however. See [[Updates Not Detected]] for more details. |
Upgrade Storage