Open Bug 1896699 Opened 9 months ago Updated 8 months ago

Cause an error when getting a http downgrade on a page with https-rr dns records telling us to always upgrade the connection

Tracking

()

Status:

NEW

People

(Reporter: manuel, Unassigned)

References

(Blocks 1 open bug)

Details

(Whiteboard: [domsecurity-backlog])

Manuel Bucher [:manuel]

Reporter

Description

•

9 months ago

This is a misconfigurations of the server causing us to do a upgrade-downgrade loop.

http downgrade here means redirect with exactly the same url, but replacing https with http.

for example:

> GET https://example.com/page
< HTTP 307
< Location: http://example.com/page

raised in review https://phabricator.services.mozilla.com/D193672?id=824322#inline-1125840

I agree. But I don't want to change that behavior in that patch.

Manuel Bucher [:manuel]

Reporter

Updated

•

9 months ago

Depends on: 1716069

Daniel Veditz [:dveditz]

Updated

•

9 months ago

Blocks: https-first-mode

Daniel Veditz [:dveditz]

Updated

•

9 months ago

Whiteboard: [domsecurity-backlog]

Daniel Veditz [:dveditz]

Updated

•

9 months ago

Severity: -- → N/A

Manuel Bucher [:manuel]

Reporter

Updated

•

8 months ago

Blocks: httpssvc
No longer blocks: https-first-mode

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Cause an error when getting a http downgrade on a page with https-rr dns records telling us to always upgrade the connection

Categories

(Core :: DOM: Security, enhancement)

Tracking

()

People

(Reporter: manuel, Unassigned)

References

(Blocks 1 open bug)

Details

(Whiteboard: [domsecurity-backlog])

Crash Data

Security

(public)

User Story

Description

Updated

Updated

Updated

Updated

Updated