User Agent: Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0
Build ID: 20100101
Steps to reproduce:
Go to https://www.catbox.moe
Actual results:
It gave me an invalid certificate error page
Expected results:
Firefox should also try to connect to https://catbox.moe when https://www.catbox.moe failed, and then redirect to it, just like Chromium does: https://www.browserling.com/browse/win/7/chrome/61/https%3A%2F%2Fwww.catbox.moe%2F
Component: Untriaged → Networking: HTTP
Product: Firefox → Core
Patrick might have some idea
Seems to me we're doing the right thing. Let me look into it.
Our Chrome Twitter friends were happy to shed some light; see below.
tl;dr: this is some unspeced URI fixup logic in Chrome covering up the bad cert on https://www.catbox.moe, while Firefox shows the base error that cert does have.
OP: I'm not sure if you're the admin of catbox.moe or not; if you are, I'm confident the Chrome team would agree the best fix would be to just fix your LE cert to have both names.
My opinion here is WONTFIX, but this should really be something for security engineering to decide. So I'll forward it on.
These links will help:
https://twitter.com/mcmanusducksong/status/931082336623398914
Look under end-user-magic here: https://textslashplain.com/2017/03/01/the-trouble-with-magic/
Especially https://twitter.com/sleevi_/status/931187914196881408 and https://twitter.com/estark37/status/931190708936962048
Component: Networking: HTTP → Security
(In reply to Patrick McManus [:mcmanus] from comment #3)
> OP: I'm not sure if you're the admin of catbox.moe or not, if you are I'm
> confident the chrome team would agree the best fix would be to just fix your
> LE Cert to have both names.
I'm not the admin of that website, I was just making a ruleset for HTTPS Everywhere and noticed that behavior with Chromium.
https://github.com/EFForg/https-everywhere/pull/13578
We normally add rules like
<rule from="^http://www\.catbox\.moe/" to="https://catbox.moe/" />
to deal with such cases.
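The name mismatch discussed in the comments above can be checked from a certificate's subjectAltName list. The following is an added example, not part of any comment on this bug and not HTTPS Everywhere code: it assumes a certificate dict shaped like the output of Python's `ssl.SSLSocket.getpeercert()`, uses constructed SAN lists rather than the site's real certificate, and all function names are hypothetical.

```python
import re

def name_matches(pattern, host):
    """Exact match, or '*' standing for exactly one left-most label (RFC 6125 style)."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if not p.startswith("*."):
        return p == h
    # '*.catbox.moe' covers 'www.catbox.moe', but neither 'catbox.moe'
    # nor 'a.www.catbox.moe'. Simplification: no public-suffix check.
    head, _, rest = h.partition(".")
    return bool(head) and rest == p[2:]

def dns_sans(cert):
    """DNS subjectAltName entries from a getpeercert()-shaped dict."""
    return [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]

def coverage(cert, apex):
    """Map the apex name and its www. sibling to True/False certificate coverage."""
    sans = dns_sans(cert)
    return {h: any(name_matches(s, h) for s in sans) for h in (apex, "www." + apex)}

def fallback_rule(cert, apex):
    """Rule in the form quoted in the comment above, sending the uncovered name
    to the covered one; None when both names or neither are covered."""
    cov, www = coverage(cert, apex), "www." + apex
    if cov[apex] == cov[www]:
        return None
    bad, good = (www, apex) if cov[apex] else (apex, www)
    return '<rule from="^http://%s/" to="https://%s/" />' % (re.escape(bad), good)

# Constructed SAN lists (assumptions, not the site's real certificate).
APEX_ONLY = {"subjectAltName": (("DNS", "catbox.moe"),)}
BOTH = {"subjectAltName": (("DNS", "catbox.moe"), ("DNS", "www.catbox.moe"))}
WILDCARD = {"subjectAltName": (("DNS", "*.catbox.moe"),)}

if __name__ == "__main__":
    for label, cert in (("apex only", APEX_ONLY), ("both", BOTH), ("wildcard", WILDCARD)):
        print(label, coverage(cert, "catbox.moe"), fallback_rule(cert, "catbox.moe"))
```

The wildcard sample is the mirrored case: it is valid for the www name but not for the bare domain, so the generated rule points the other way.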
Status: UNCONFIRMED → RESOLVED
Last Resolved: 2 months ago
Resolution: --- → WONTFIX
If we get a cert error, could we try the www version in the background? And provide the users a link to it in the error page, as Emily hints at on Twitter? Adding JC for thoughts.
Flags: needinfo?(tanvi) → needinfo?(jjones)
I'm with Ryan Sleevi on this. It's not good for the ecosystem to have such a kludge, and I'm sad that Chrome has it today. I think this should stay WONTFIX, and hopefully Chrome will issue an intent-to-deprecate for their behavior.
https://twitter.com/sleevi_/status/931186229244252160
(In reply to J.C. Jones [:jcj] from comment #6)
> I'm with Ryan Sleevi on this. It's not good for the ecosystem to have
> such a kludge, and I'm sad that Chrome has it today.
I'm not proposing we do it automatically. User will still get the cert error page. They will just have a way to get around it. So they will experience poor UX instead of horrible UX.