Redirect http://ftp.mozilla.org and http://releases.mozilla.org/ to HTTPS
Categories
(Cloud Services :: Operations: Product Delivery, task)
Tracking
(Not tracked)
People
(Reporter: 08xjcec48, Unassigned)
References
Details
Updated•7 years ago
|
Comment 1•6 years ago
|
||
Updated•5 years ago
|
Updated•4 years ago
|
Updated•3 years ago
|
Hey, Sylvestre. You closed Bug 1436695 4 years ago, but these two subdomains are still accessible over HTTP:
Comment 4•1 year ago
|
||
(In reply to 08xjcec48 from comment #3)
Hey, Sylvestre. You closed Bug 1436695 4 years ago, but these two subdomains are still accessible over HTTP:
Interestingly, Firefox forces them to be https, but I can reproduce this with curl and telnet:
❯ telnet ftp.mozilla.org 80
Trying 34.117.35.28...
Connected to ftp.mozilla.org.
Escape character is '^]'.
GET /
HTTP/1.0 200 OK
Server: nginx
Date: Mon, 19 Jun 2023 13:31:36 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 1238
ETag: fb935b2435681acec2d1a5731f8b1de2463df49e8deb02975bdbc80c5a20b3e4
Vary: Accept,Accept-Encoding
Expires: Mon, 19 Jun 2023 13:41:36 GMT
Cache-Control: max-age=600
Strict-Transport-Security: max-age=31536000
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Via: 1.1 google, 1.1 google
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Directory Listing: /</title>
</head>
<body>
<h1>Index of /</h1>
<table>
<tr>
<th>Type</th>
<th>Name</th>
<th>Size</th>
<th>Last Modified</th>
</tr>
<tr>
<td>Dir</td>
<td><a href="/pub/">pub/</a></td>
<td></td>
<td></td>
</tr>
<tr>
<td>File</td>
<td><a href="/favicon.ico">favicon.ico</a></td>
<td>304</td>
<td>13-Feb-2023 04:21</td>
</tr>
</table>
</body>
</html>Connection closed by foreign host.
I'm asking our SRE folks about this.
Comment 5•1 year ago
|
||
Asked around about this - it looks like it's intentional.
Interestingly, Firefox forces them to be https
I believe that's because you've enabled HTTPS-Only Mode.
Comment 7•1 year ago
|
||
(In reply to 08xjcec48 from comment #6)
Interestingly, Firefox forces them to be https
I believe that's because you've enabled HTTPS-Only Mode.
Hah, of course. In any case - this behaviour is intentional for now, as evidence by the current behaviour and this bug still being open. The metabug being closed doesn't change that. Sorry for all the back and forth and confusion...
Comment 8•1 year ago
|
||
I think it is by design.
We don't want to break tools that are relying on HTTP and might break with redirection to HTTPS.
Description
•