Open Bug 1764702 Opened 3 years ago Updated 2 years ago

With the httpsOnly feature, the website www.ch-macon.fr doesn't work and doesn't get the error page

Categories

(Core :: DOM: Security, defect, P3)

Product:
Core
Component:
DOM: Security
Type:
defect

Tracking

()

People

(Reporter: julienw, Unassigned)

References

(Blocks 1 open bug)

Details

(Whiteboard: [domsecurity-backlog1])

STR:

  1. Go to www.ch-macon.fr with the https only option

Actual:
The website in https answers with 503. There's no way to switch to the http version of it except adding an exception.

Expected:
The website answes with 503. If the website was accessed because of the httpsOnly option, we should have a way to switch to the version with http.

Christoph, can you find someone to take a look?

Flags: needinfo?(ckerschb)

(In reply to Dragana Damjanovic [:dragana] from comment #1)

Christoph, can you find someone to take a look?

I can reproduce this problem, and I agree, this is a valid concern. In https-first-mode, e.g. when you open a private browsing tab (where https-first-mode is enabled by default) we automatically fall back to http: in that case, which happens because we check if (responseStatus >= 400 && responseStatus < 600) {. We should probably do the same for https-only-mode.

Blocks: https-only-mode
Severity: -- → S3
Flags: needinfo?(ckerschb)
Priority: -- → P3
Whiteboard: [domsecurity-backlog1]
Component: Networking → DOM: Security
You need to log in before you can comment on or make changes to this bug.