Closed Bug 1682231 Opened 3 years ago Closed 3 years ago

HTTPS-only mode won't properly redirect sometimes

Categories

(Core :: DOM: Security, defect)

Product:
Core
Component:
DOM: Security
Version:
Firefox 83
Type:
defect

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1653898

People

(Reporter: hokex55294, Unassigned)

Details

User Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:83.0) Gecko/20100101 Firefox/83.0

Steps to reproduce:

I tried accessing protondb.com while using the new HTTPS-only mode, by typing "protondb.com" in the adress bar

Actual results:

Firefox says the connection isn't secure

Expected results:

protondb.com has a https certificate, so it shouldn't show this.

Probably related to this, but I've noticed that on some sites Firefox will show the same thing (connection isn't secure), but a refresh (f5) will make the website load with https.

Bugbug thinks this bug should belong to this component, but please revert this change in case of error.

Component: Untriaged → Security: PSM
Product: Firefox → Core
Component: Security: PSM → DOM: Security

Julian, could you investigate this one please? Thanks!

Flags: needinfo?(julianwels)

Hi, thanks for reporting this issue!

The problem is that https://protondb.com serves a certificate for the wrong domain (netlify.com). Only https://www.protondb.com has a certificate that matches the domain name. Sadly, this is not uncommon, so we already have bug 1653898 to track this.

Because the problem stems from a misconfigured webserver, the best solution would be to reach out to the website maintainers and ask them if they could fix it.

Status: UNCONFIRMED → RESOLVED
Closed: 3 years ago
Flags: needinfo?(julianwels)
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.