[clug] firefox started rewriting http->https?

Eyal Lebedinsky eyal at eyal.emu.id.au
Sun Jun 12 09:17:42 UTC 2016

On 06/12/16 18:46, Matthew Bonner wrote:
> On Sun, Jun 12, 2016 at 09:33:56AM +1000, Eyal Lebedinsky wrote:
>> In the last few days I have a problem where the browser goes to
>> https:// when I request http://.  This is very disruptive, for example
>> http://www.bom.gov.au/ was working but https gets no response.  Other
>> sites may accept https.
> I am wondering if this behaviour may be caused by HTTP Strict Transport
> Security headers served incorrectly - or generously or as intended
> depending on POV - by a bom.gov.au or gov.au domain.
> "Once a supported browser receives this header that browser will prevent
> any communications from being sent over HTTP to the specified domain and
> will instead send all communications over HTTPS. It also prevents HTTPS
> click through prompts on browsers."
> https://www.owasp.org/index.php/HTTP_Strict_Transport_Security
> HTH,
> Matthew

This was my first thought, but the problem was not specific to BOM,
and even hit when I accessed a file from my home web server.

BOM does not serve https and as such I doubt is asks for it.

I now think that some HSTS rule (in firefox) got over eager, as I am sure my
own server does not request this.


Eyal Lebedinsky (eyal at eyal.emu.id.au)

More information about the linux mailing list