I agree that Facebook should fix this error. But according to our telemetry, this error is the most common failure mode for when HTTPS-Only Mode is enabled. In the Facebook case are seeing this error only because HTTPS-Only Mode is enabled. With HTTPS-Only Mode disabled, users who enter "facebook.de" (without a scheme) would simply be taken to the HTTP version of facebook.fr and the redirect would happen without any warning at all. I wonder in general if we can distinguish two situations when a user enters "facebook.fr" (with no scheme): 1. The warning will be seen by every user 2. The warning will only be seen in HTTPS-Only Mode In case (2), it would be ideal if we could show only the HTTPS-Only Mode error page, thereby making it somewhat easier for users to understand that HTTPS Only Mode is responsible, and simpler to click through to their destination (by sending them to the HTTP version of facebook.fr). To distinguish (1) and (2) we could run an HTTP test request in the background to see if the HTTP version is available. If it is unavailable, or redirects back to the HTTPS version, then we are in case (1); if it is available, then we are in case (2).
Bug 1650779 Comment 7 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
I agree that Facebook should fix this error. But according to our telemetry, this error is the most common error seen when HTTPS-Only Mode is enabled. In the Facebook case are seeing this error only because HTTPS-Only Mode is enabled. With HTTPS-Only Mode disabled, users who enter "facebook.de" (without a scheme) would simply be taken to the HTTP version of facebook.fr and the redirect would happen without any warning at all. I wonder in general if we can distinguish two situations when a user enters "facebook.fr" (with no scheme): 1. The warning will be seen by every user 2. The warning will only be seen in HTTPS-Only Mode In case (2), it would be ideal if we could show only the HTTPS-Only Mode error page, thereby making it somewhat easier for users to understand that HTTPS Only Mode is responsible, and simpler to click through to their destination (by sending them to the HTTP version of facebook.fr). To distinguish (1) and (2) we could run an HTTP test request in the background to see if the HTTP version is available. If it is unavailable, or redirects back to the HTTPS version, then we are in case (1); if it is available, then we are in case (2).
I agree that Facebook should fix this error. But according to our telemetry, this error is the most common error seen when HTTPS-Only Mode is enabled. In the Facebook case are seeing this error only because HTTPS-Only Mode is enabled. With HTTPS-Only Mode disabled, users who enter "facebook.de" (without a scheme) would simply be taken to the HTTP version of facebook.de and the redirect would happen without any warning at all. I wonder in general if we can distinguish two situations when a user enters "facebook.de" (with no scheme): 1. The warning will be seen by every user 2. The warning will only be seen in HTTPS-Only Mode In case (2), it would be ideal if we could show only the HTTPS-Only Mode error page, thereby making it somewhat easier for users to understand that HTTPS Only Mode is responsible, and simpler to click through to their destination (by sending them to the HTTP version of facebook.fr). To distinguish (1) and (2) we could run an HTTP test request in the background to see if the HTTP version is available. If it is unavailable, or redirects back to the HTTPS version, then we are in case (1); if it is available, then we are in case (2).