Closed Bug 1756363 Opened 3 years ago Closed 3 years ago

Request to subdomain doesn't try https

Categories

(Core :: DOM: Security, enhancement)

Firefox 97
enhancement

Tracking

()

RESOLVED WONTFIX

People

(Reporter: vitaly.artemiev, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:97.0) Gecko/20100101 Firefox/97.0

Steps to reproduce:

Open new tab
Ctrl+Shift+K to open console
Enable request log
Type test.test123test123.xyz in address bar

Actual results:

Only 1 request is issued - to http://test.test123test123.xyz/

Expected results:

Should have similar behaviour as it would with test123test123.xyz (without subdomain) - at least two requests to http://test.test123test123.xyz/ and https://test.test123test123.xyz/

Chrome makes both requests.

How I found this: misconfigured nginx without redirect from port 80 to port 443. Revere-proxied https site would open on Chrome, but not on Firefox.

The Bugbug bot thinks this bug should belong to the 'Core::DOM: Security' component, and is moving the bug to that component. Please revert this change in case you think the bot is wrong.

Component: Untriaged → DOM: Security
Product: Firefox → Core

Chrome's implementation of "try https first" works differently from ours. In particular, theirs is "on by default" and ours is not -- unless you use Private Browsing mode.

What happens in Private Browsing, or if you explicitly turn on "HTTPS-only" in our preferences?

This behavior is completely unspecified so I'm not sure how you can consider this behavior a "bug"? Most browsers won't try https first, especially old browsers

Status: UNCONFIRMED → RESOLVED
Closed: 3 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.