Closed Bug 1669424 Opened 4 years ago Closed 4 years ago

HTTPS-Only Mode: Exception should be propagated through redirects

Tracking

()

Status:

RESOLVED INVALID

People

(Reporter: ckerschb, Unassigned)

References

(Blocks 1 open bug)

Details

(Whiteboard: [domsecurity-backlog1])

Attachments

(1 file)

redirect-comparison.png 4 years ago Julian Gaibler 154.33 KB, image/png		Details

Christoph Kerschbaumer [:ckerschb]

Reporter

Description

•

4 years ago

Adding an exemption to a particular side should probably be propagated throughout redirects, otherwise the only possible way to view a page is to disable HOM entirely.

STRs:

Enable HOM
Visit http://www.wisdom.weizmann.ac.il/~naor/PAPERS/npr.pdf

Christoph Kerschbaumer [:ckerschb]

Reporter

Updated

•

4 years ago

Priority: -- → P3

Whiteboard: [domsecurity-backlog1]

Christoph Kerschbaumer [:ckerschb]

Reporter

Updated

•

4 years ago

Severity: -- → S3

Julian Gaibler

Comment 1

•

4 years ago

Attached image redirect-comparison.png — Details

Exceptions get propagated throughout redirects, the issue with the mentioned site is that the redirects for the HTTP version are different than those for the HTTPS version. Latter redirects are sadly also incorrect, which caused the issue.

Since we can't infer if these redirects are unintended we can't fix this issue and similar ones.

Julian Gaibler

Updated

•

4 years ago

Status: NEW → RESOLVED

Closed: 4 years ago

Resolution: --- → INVALID

You need to log in before you can comment on or make changes to this bug.

Bugzilla

HTTPS-Only Mode: Exception should be propagated through redirects

Categories

(Core :: DOM: Security, defect, P3)

Tracking

()

People

(Reporter: ckerschb, Unassigned)

References

(Blocks 1 open bug)

Details

(Whiteboard: [domsecurity-backlog1])

Crash Data

Security

(public)

User Story

Attachments

(1 file)

Description

Updated

Updated

Comment 1

Updated

Attachment

General

Description

File Name

Content Type