Request to subdomain doesn't try https
Categories
(Core :: DOM: Security, enhancement)
Tracking
()
People
(Reporter: vitaly.artemiev, Unassigned)
Details
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:97.0) Gecko/20100101 Firefox/97.0
Steps to reproduce:
Open new tab
Ctrl+Shift+K to open console
Enable request log
Type test.test123test123.xyz in address bar
Actual results:
Only 1 request is issued - to http://test.test123test123.xyz/
Expected results:
Should have similar behaviour as it would with test123test123.xyz (without subdomain) - at least two requests to http://test.test123test123.xyz/ and https://test.test123test123.xyz/
Chrome makes both requests.
How I found this: misconfigured nginx without redirect from port 80 to port 443. Revere-proxied https site would open on Chrome, but not on Firefox.
Comment 1•3 years ago
|
||
The Bugbug bot thinks this bug should belong to the 'Core::DOM: Security' component, and is moving the bug to that component. Please revert this change in case you think the bot is wrong.
Comment 2•3 years ago
|
||
Chrome's implementation of "try https first" works differently from ours. In particular, theirs is "on by default" and ours is not -- unless you use Private Browsing mode.
What happens in Private Browsing, or if you explicitly turn on "HTTPS-only" in our preferences?
This behavior is completely unspecified so I'm not sure how you can consider this behavior a "bug"? Most browsers won't try https first, especially old browsers
Description
•