HTTPS-only mode won't properly redirect sometimes
Categories
(Core :: DOM: Security, defect)
Tracking
()
People
(Reporter: hokex55294, Unassigned)
Details
User Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:83.0) Gecko/20100101 Firefox/83.0
Steps to reproduce:
I tried accessing protondb.com while using the new HTTPS-only mode, by typing "protondb.com" in the adress bar
Actual results:
Firefox says the connection isn't secure
Expected results:
protondb.com has a https certificate, so it shouldn't show this.
Probably related to this, but I've noticed that on some sites Firefox will show the same thing (connection isn't secure), but a refresh (f5) will make the website load with https.
Comment 1•3 years ago
|
||
Bugbug thinks this bug should belong to this component, but please revert this change in case of error.
Comment 2•3 years ago
|
||
Julian, could you investigate this one please? Thanks!
Comment 3•3 years ago
|
||
Hi, thanks for reporting this issue!
The problem is that https://protondb.com
serves a certificate for the wrong domain (netlify.com). Only https://www.protondb.com
has a certificate that matches the domain name. Sadly, this is not uncommon, so we already have bug 1653898 to track this.
Because the problem stems from a misconfigured webserver, the best solution would be to reach out to the website maintainers and ask them if they could fix it.
Description
•