Closed Bug 1097609 Opened 10 years ago Closed 10 years ago

Firefox keeps forcing https redirect

Categories

(Firefox :: Address Bar, defect)

Product:
Firefox
Component:
Address Bar
Platform:
All
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: nikos, Unassigned)

Details

I have a custom subdomain hosted on Github pages. (which means there is no valid certificate for this). I want to use the http version of this but Firefox keeps redirecting me to https. I cleared history/cache but after a couple of visits the https redirection hits back. The weird thing about this is that I can't even view the https version of the page because of invalid cert (domain mismatch). I don't have any relevant add-on installed (like https-everywhere) and this also happens with an empty profile.
does it go to the https version if you explicitly type http in the locationbar? Did you check http headers to ensure the server is not using strict Transport Security?
Summary: firefox keeps forcing https riderect → Firefox keeps forcing https redirect
So I spent some time doing test. Github pages, where my subdomain points (eg. sub.example.com) doesn't return an HSTS header. Which is expected behavior, since all custom domains that play over github pages would have the same problem. But I had HSTS defined on the configuration of my appex domain (example.com), which hosted on a different server behind nginx. I removed the "includeSubDomains" directive now my github subdomain works as expected through http so far. It seems that Firefox first asks the apex domain for HSTS, before resolving a subdomain and respects the includeSubDomains even if a subdomain is pointing on different IP.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.