HTTPS-Only: Infinite redirections at http://www.nwstbus.com.hk/
Categories
(Core :: DOM: Security, defect, P3)
Tracking
()
People
(Reporter: Fanolian+BMO, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: nightly-community, reproducible, Whiteboard: [domsecurity-backlog1])
Steps to reproduce
- Enable HTTPS-Only Mode.
- Visit http://www.nwstbus.com.hk/
Actual result
I cannot access the site due to infinite redirections.
Note
Without HTTPS-Only Mode, https://www.nwstbus.com.hk/home/default.aspx?intLangID=1 correctly downgrades (by the site?) to http://www.nwstbus.com.hk/home/default.aspx?intLangID=1
This is more like a webcompat issue and bug 1653026 should be able to work around it. But let's see if Firefox wants to do something about it.
Comment 1•4 years ago
|
||
It seems there is a script running which redirects the page back to using http which causes the https-only-mode to kick in and hence we end up in that endless loop of upgrading - downgrading :-(
Putting in the backlog for now but let's see what we can do to filter out that kinds of redirection.
FYI, the example site now provides an HTTPS version. But the underlying issue described in comment 1 is still valid.
Comment 3•4 years ago
|
||
Websites redirecting users back to HTTP with Javascript seems to be very rare and there isn't really an obvious fix for that. So even though the issue you describe is valid I'm going to close it for now.
Nevertheless, thanks for reporting the bug :)
For future reference:
Similar issue, and a fix, in bug 1693225.
Description
•