Open Bug 1290489 Opened 9 years ago Updated 3 years ago

http redirect and hsts can loop, tell user a more descriptive error message

Categories

(Core :: Networking: HTTP, defect, P5)

Product:
Core
Component:
Networking: HTTP
Version:
40 Branch
Type:
defect

Tracking

()

People

(Reporter: mayhemer, Unassigned)

References

(
URL
)

Details

(Whiteboard: [necko-would-take])

+++ This bug was initially created as a clone of Bug #1171203 +++ If a page serves a 301 redirect from https to itself on http, but also sends an HSTS header, we can loop forever, redirecting from one version of the page to another. E.g. www.microsoft.com/web/downloads/platform.aspx Via https://twitter.com/ericlaw/status/606209561855287296 -------------------------------------------------------------- For STR see: https://bugzilla.mozilla.org/show_bug.cgi?id=1171203#c6 Goal of this bug is to detect we suffer this kind of loop (tricky) and when the redirect loop limit is reached inform the user that the site is misconfigured in this way.
Bulk change to priority: https://bugzilla.mozilla.org/show_bug.cgi?id=1399258
Priority: -- → P5
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.