[clug] firefox started rewriting http->https?
Eyal Lebedinsky
eyal at eyal.emu.id.au
Sun Jun 12 09:17:42 UTC 2016
On 06/12/16 18:46, Matthew Bonner wrote:
> On Sun, Jun 12, 2016 at 09:33:56AM +1000, Eyal Lebedinsky wrote:
>> In the last few days I have a problem where the browser goes to
>> https:// when I request http://. This is very disruptive, for example
>> http://www.bom.gov.au/ was working but https gets no response. Other
>> sites may accept https.
>
> I am wondering if this behaviour may be caused by HTTP Strict Transport
> Security headers served incorrectly - or generously or as intended
> depending on POV - by a bom.gov.au or gov.au domain.
>
> "Once a supported browser receives this header that browser will prevent
> any communications from being sent over HTTP to the specified domain and
> will instead send all communications over HTTPS. It also prevents HTTPS
> click through prompts on browsers."
>
> https://www.owasp.org/index.php/HTTP_Strict_Transport_Security
>
> HTH,
>
> Matthew
This was my first thought, but the problem was not specific to BOM,
and even hit when I accessed a file from my home web server.
BOM does not serve https and as such I doubt is asks for it.
I now think that some HSTS rule (in firefox) got over eager, as I am sure my
own server does not request this.
cheers
--
Eyal Lebedinsky (eyal at eyal.emu.id.au)
More information about the linux
mailing list