Re: Firefox HTTPS-only mode breaks sites that return 404 for HTTPS connections
On Thu, 15 Apr 2021 09:31:11 -0300
Eduardo M KALINOWSKI <eduardo@kalinowski.com.br> wrote:
>
> On 15/04/2021 09:12, Celejar wrote:
> > On Thu, 15 Apr 2021 11:16:59 +0100
> > piorunz <piorunz@gmx.com> wrote:
> >
> >> On 15/04/2021 03:15, Celejar wrote:
> >>
> >>> http://www.daat.ac.il/
> >>> https://www.daat.ac.il/
> >>>
> >>> Celejar
>
> I can confirm the problem, by the way.
>
> >> Their webserver is misconfigured. AFAIR, if they don't support https,
> >> their server should redirect to http page. Instead, they throw 404 error.
> > Do you have a reference for this as required by the standards?
>
> I don't think this is required by any standard.
>
> But it's certainly bad practice: if they don't want to support https,
> they should disable it, and not return a 404 error. It may not be a
> requirement that the http and https content have to be the same, but it
> certainly makes a lot of sense that they are.
>
> So I'd agree that the website is misconfigured. You might try contacting
> them.
>
> Unlike the HTTPS Everywhere extension, that has a list of sites that
> should be accessed only with https, the built-in Firefox function seems
> to just try to make an https connection, and if it succeeds, assumes
> (reasonably, IMHO) that the site supports https. Since 404 is a valid
> response that in no way indicates lack of https support (on the
> contrary), it then redirects everything to https.
Thank you. That was my analysis of the problem as well.
> The docs say you can disable https for a specific site:
> https://blog.mozilla.org/security/2020/11/17/firefox-83-introduces-https-only-mode/
I tried the setting, but it didn't seem to work.
> . But if this happens a lot, it might be simpler to simply disable that
>
> Firefox feature. Not because it's buggy, but because it make reasonable
> assumptions about websites' behaviours, which unfortunately are not
> followed by everyone.
I may have to do that.
Celejar
Reply to: