[clug] firefox started rewriting http->https?
Matthew Bonner
matthew.a.bonner at gmail.com
Sun Jun 12 08:46:56 UTC 2016
On Sun, Jun 12, 2016 at 09:33:56AM +1000, Eyal Lebedinsky wrote:
> In the last few days I have a problem where the browser goes to
> https:// when I request http://. This is very disruptive, for example
> http://www.bom.gov.au/ was working but https gets no response. Other
> sites may accept https.
I am wondering if this behaviour may be caused by HTTP Strict Transport
Security headers served incorrectly - or generously or as intended
depending on POV - by a bom.gov.au or gov.au domain.
"Once a supported browser receives this header that browser will prevent
any communications from being sent over HTTP to the specified domain and
will instead send all communications over HTTPS. It also prevents HTTPS
click through prompts on browsers."
https://www.owasp.org/index.php/HTTP_Strict_Transport_Security
HTH,
Matthew
More information about the linux
mailing list