upgradeToSecure results in https redirect loop
Categories
(Core :: Networking: HTTP, defect, P2)
Tracking
()
People
(Reporter: robwu, Assigned: robwu)
References
(Regression)
Details
(Keywords: regression)
Attachments
(1 file)
Currently, when upgradeToSecure is returned for a https URL, a redirect loop occurs (and eventually broken when the limit on the number of internal redirects is reached, ~20).
That happens because the flag propagates from here to here, after which an unconditional redirect to the https version of the URL occurs.
What should be happening instead is for the upgrade to be ignored if the request already uses a secure scheme. This used to be the case when introduced in bug 1149250, but was regressed by https://searchfox.org/mozilla-central/diff/50316df2bbad5bd67e490d3e302943ddb5be183e/netwerk/protocol/http/nsHttpChannel.cpp#546 (note the move from the mUpgradeToSecure lookup outside of the isHttp branch).
|
||
Updated•2 years ago
|
|
|
||
Comment 1•2 years ago
|
||
Set release status flags based on info from the regressing bug 1521729
|
Assignee | |
Comment 2•2 years ago
|
||
|
||
Comment 3•2 years ago
|
||
We are in RC week, wontfix 106.
|
||
Comment 4•2 years ago
|
||
Could you set a severity on this?
Is this something we need on the radar for a potential 107 ride-along or ride the trains in 108?
|
|
Assignee | |
Comment 5•2 years ago
|
||
S4 - extension developers can work around this by checking whether the request URL is "https", and if so skip the result.
This regression went unnoticed for a long while so we can just ride the trains.
Pushed by rob@robwu.nl: https://hg.mozilla.org/integration/autoland/rev/aceb2c66669b Avoid redirect loop when channel.upgradeToSecure is used r=necko-reviewers,valentin
|
|
||
Updated•2 years ago
|
|
||
Comment 7•2 years ago
|
||
| bugherder | ||
|
||
Updated•2 years ago
|
Description
•