Ignore HSTS if different port is used.

RESOLVED INVALID

Status

()

Core
Networking
RESOLVED INVALID
4 months ago
4 months ago

People

(Reporter: horsky.luso, Unassigned)

Tracking

54 Branch
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

4 months ago
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:54.0) Gecko/20100101 Firefox/54.0
Build ID: 20170630112252

Steps to reproduce:

* Visit a site, that responds with HSTS header on port 80.
  * This redirects client to https, thus 443.
* Visit the same site on non-http port (neither 80 nor 443).


Actual results:

* Firefox tries to use TLS/SSL encryption, even when the server does not.


Expected results:

* Firefox should bind the HSTS record to fqdn AND port, thus ignoring HSTS for other ports.
This is according to spec. Explained in https://bugzilla.mozilla.org/show_bug.cgi?id=613645#c1
based on comment 1, close as invalid.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 4 months ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.