Closed Bug 1938323 Opened 2 months ago Closed 2 months ago

Favicon tries to load via https even when custom port given for http

Categories

(Core :: Networking, defect, P2)

Firefox 128
defect

RESOLVED DUPLICATE of bug 1938361

People

(Reporter: ed, Unassigned)

Details

(Whiteboard: [necko-triaged][necko-priority-review])

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0

Steps to reproduce:

I started a web server on a custom port 8085. This web server serves http not https. (Even if it did serve https, normal practice is to have https on a separate port.)

I requested http://myhost:8085/something by typing in the URI.

Actual results:

As shown in the Network tab of Firefox's developer tools, the browser is requesting the main page via http. That works. But then it makes a second request to

GET https://ldnpcd039:8085/favicon.ico

Although the main page is http, the favicon is being requested over https. That might not be so bad in itself. But the same port number 8085 is now being tried for https when the main page has just been fetched over http from that same port. While some web servers may be able to auto-switch and talk http and https on the same port, for many others this results in sending binary garbage to the http port. And the favicon is not fetched.

Expected results:

Either fetch the favicon over plain http using the provided port number:

GET http://ldnpcd039:8085/favicon.ico

or alternatively try getting it via https, but with the standard https port (443):

GET https://ldnpcd039/favicon.ico

Or perhaps try both methods in some order. But don't switch the protocol from http to https without also changing the port number.
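
What a plaintext listener sees when the upgraded favicon request arrives, as an added example that is not part of the original report or of Firefox's code: a classifier for the first bytes read from a connection that tells a TLS ClientHello apart from an HTTP request line. The peer addresses and byte strings are constructed sample data, and the function names are hypothetical.

```python
import struct
from collections import Counter

HTTP_METHODS = {b"GET", b"HEAD", b"POST", b"PUT", b"DELETE",
                b"OPTIONS", b"PATCH", b"TRACE", b"CONNECT"}

def classify_first_bytes(data: bytes) -> str:
    """Classify the first bytes a client sent to a plaintext HTTP listener."""
    # TLS record header: content type (1), legacy version (2), length (2).
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[2] <= 0x04:
        (record_len,) = struct.unpack("!H", data[3:5])
        # Handshake type 0x01 is ClientHello; a record carries at most 2**14 bytes.
        if data[5] == 0x01 and 4 <= record_len <= 2**14:
            return "tls-client-hello"
        return "tls-other"
    # HTTP/1.x request line: METHOD SP target SP HTTP/x.y CRLF
    line, crlf, _ = data.partition(b"\r\n")
    parts = line.split(b" ")
    if crlf and len(parts) == 3 and parts[0] in HTTP_METHODS \
            and parts[2].startswith(b"HTTP/"):
        return "http-request"
    return "unknown"

def tls_on_plaintext_port(events):
    """Count, per peer address, connections that opened with a TLS ClientHello."""
    hits = Counter()
    for peer, first_bytes in events:
        if classify_first_bytes(first_bytes) == "tls-client-hello":
            hits[peer] += 1
    return dict(hits)

# Constructed sample data: (peer, first bytes read from a connection to port 8085).
# The prefix is a TLS record header (16 03 01, length 0x0200) followed by a
# ClientHello handshake header (01, length 0x0001fc) and zero padding.
CLIENT_HELLO_PREFIX = bytes.fromhex("1603010200010001fc0303") + bytes(32)
SAMPLE_EVENTS = [
    ("192.0.2.10", b"GET /something HTTP/1.1\r\nHost: myhost:8085\r\n\r\n"),
    ("192.0.2.10", CLIENT_HELLO_PREFIX),  # the upgraded favicon fetch
    ("192.0.2.11", b"\x00\x01garbage"),   # neither TLS nor HTTP
]

if __name__ == "__main__":
    for peer, data in SAMPLE_EVENTS:
        print(peer, classify_first_bytes(data))
    print(tls_on_plaintext_port(SAMPLE_EVENTS))
```
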

The Bugbug bot thinks this bug should belong to the 'Core::Networking' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.

Component: Untriaged → Networking
Product: Firefox → Core

Looks like HTTP-HTTPS upgrade issue.
Simon, could you please confirm the expected behaviour here?

Severity: -- → S3
Flags: needinfo?(sfriedberger)
Priority: -- → P2
Whiteboard: [necko-triaged][necko-priority-rev
Whiteboard: [necko-triaged][necko-priority-rev → [necko-triaged][necko-priority-review]

Upgrading custom ports was never a good idea but it is what the specification draft required. I built it, then got the spec draft changed and now I'm in the process of removing it again. In the meantime setting dom.security.https_first_for_custom_ports to false in about:config should fix it.

Flags: needinfo?(sfriedberger)
Status: UNCONFIRMED → RESOLVED
Closed: 2 months ago
Duplicate of bug: 1938361
Resolution: --- → DUPLICATE