Captive network account (w/ login redirect) and HSTS
Hello,
with a basic Debian jessie install and a recent Firefox, I observe the
following:
[1] Debian has no specific support for detecting captive networks
(e.g. Android, iOS) and automatically redirecting the browser to
the captive login page
[2] launching Firefox on the default page doesn't work (it doesn't get
redirected properly to the login page but fails with an HTTPS
certificate error) if there is a recent HSTS[*] security
configuration cache for the default page's domain (e.g. google.com)
[1] is not really an issue: I myself wouldn't like connecting to
a WiFi captive network to start a browser. Also, open captive networks are
messing up, dangerous, a WPA/RADIUS auth would be much better.
However, open captive networks are quite common in hotels, airports,
parks, etc. So it cannot be dismissed.
[2] the only fix is to type a URL you know is HTTP, not HTTPS, and that does
not configure HSTS and does not support DNSSEC. In my case I used
ptiturl.ch
Maybe this could be in the Debian User manual somehow?
Feel free to contact me if you want help in writing the documentation.
[*] https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
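
The check described in [2], as an added example that is not part of the original message: given a browser's cached HSTS entries, decide whether a typed URL will leave the machine as plain HTTP, which is the only kind of request a captive portal can redirect without a certificate error. The cache contents, timestamps and function names are constructed for illustration; the matching follows RFC 6797 (exact host, or a parent domain with includeSubDomains, ignoring expired entries).

```python
from urllib.parse import urlsplit

# Constructed HSTS cache: host -> (expiry as Unix time, includeSubDomains).
# Illustrative values only, not read from a real browser profile.
SAMPLE_CACHE = {
    "google.com": (2_000_000_000, True),
    "example.org": (1_000_000_000, False),  # already expired at NOW
    "example.net": (2_000_000_000, False),
}
NOW = 1_500_000_000


def hsts_applies(host, cache, now):
    """Return the cached host whose policy forces HTTPS for `host`, or None."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        entry = cache.get(candidate)
        if entry is None:
            continue
        expiry, include_subdomains = entry
        if expiry <= now:
            continue  # an expired policy no longer upgrades requests
        # i == 0 is an exact match; parents only count with includeSubDomains
        if i == 0 or include_subdomains:
            return candidate
    return None


def portal_can_intercept(url, cache, now):
    """True if the browser would send this request as plain HTTP."""
    parts = urlsplit(url)
    if parts.scheme != "http":
        return False  # an https:// URL hits the portal's certificate mismatch
    return hsts_applies(parts.hostname or "", cache, now) is None


if __name__ == "__main__":
    for u in ("http://google.com/", "http://www.google.com/",
              "http://example.org/", "http://ptiturl.ch/"):
        print(u, "->", portal_can_intercept(u, SAMPLE_CACHE, NOW))
```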