Closed Bug 1664207 Opened 5 years ago Closed 5 years ago

Firefox swaps explicitly typed http: with https:

Categories

(Firefox :: Site Permissions, defect)

Product:
Firefox
Component:
Site Permissions
Version:
80 Branch
Type:
defect

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: felix.benning, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:80.0) Gecko/20100101 Firefox/80.0

Steps to reproduce:

We recently deployed a new app on our intranet server which has an SSL certificate. This app was deployed to port 443 (and 80 as http).

Actual results:

After visiting this new app, we could no longer reach our old apps on different ports, as firefox would automatically replace http: with https: and then throw a "secure connection failed" error. Deleting the cache allows you to reach the old apps again until you visit the new app for the first time. Then it flips http with https again. This is similar to the mixed content website problem.

But as it is on the same domain with only a different port, firefox does not offer a option to allow mixed content.

Long term we will probably want to put all the other apps behind a reverse proxy which should solve the issue. But this is quite annoying for the transition period.

Expected results:

Firefox should not replace explicitly typed transfer protocols. Or at least ask whether or not to do so. Not being able to reach available ports is a defect. A request for enhancement might be, if you would also check whether a port is available with http without an explicitly typed transfer protocol and utilize this depending on the mixed content setting.

Hi,

Can you provide a link for me to try replicate on my end?
Please test if the issue occurs to you in safe mode (add-ons disabled). Here is a link that can help you do that:
https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-using-safe-mode

I will move this over to a component so developers can take a look over it,. If is not the correct component please feel free to change it to an appropriate one.

Thanks for the report.

Best regards, Clara.

Component: Untriaged → Site Permissions
Flags: needinfo?(felix.benning)

It is on an intranet domain so I can not provide a link. But I had a closer look at the new app in the meantime and found this in its nginx configuration:

    location / {
        # Redirect all requests to https
        return 301 https://$server_name$request_uri;
    }

which is probably the culprit. It is still a bit strange, that this covers all other ports too, which work if the cache is empty, but at least it is possible to work around this. Not sure whether the http code should be changed or the redirect be deactivated completely until the other apps have https as well.

Flags: needinfo?(felix.benning)
Status: UNCONFIRMED → RESOLVED
Closed: 5 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.