Re: Firefox HTTPS-only mode breaks sites that return 404 for HTTPS connections

To: debian-user@lists.debian.org
Subject: Re: Firefox HTTPS-only mode breaks sites that return 404 for HTTPS connections
From: Celejar <celejar@gmail.com>
Date: Thu, 15 Apr 2021 11:10:20 -0400
Message-id: <[🔎] 20210415111020.ce59c2fa82f1181c2cee973e@gmail.com>
In-reply-to: <[🔎] e32cd11a-a06e-4f37-11e9-9b8a815236ab@kalinowski.com.br>
References: <[🔎] 20210414121928.57a87d3464ad0dc4daa82e46@gmail.com> <[🔎] f89b2eb8-a940-31fa-d88f-9ddb431c37e1@gmx.com> <[🔎] 20210414221552.76572edc74e8ecf7618e53af@gmail.com> <[🔎] 53560a10-8bf3-40aa-51af-c36c93fe8e7b@gmx.com> <[🔎] 20210415081202.9bcfa849508318c0c07e6c0d@gmail.com> <[🔎] e32cd11a-a06e-4f37-11e9-9b8a815236ab@kalinowski.com.br>

On Thu, 15 Apr 2021 09:31:11 -0300
Eduardo M KALINOWSKI <eduardo@kalinowski.com.br> wrote:

> 
> On 15/04/2021 09:12, Celejar wrote:
> > On Thu, 15 Apr 2021 11:16:59 +0100
> > piorunz <piorunz@gmx.com> wrote:
> >
> >> On 15/04/2021 03:15, Celejar wrote:
> >>
> >>> http://www.daat.ac.il/
> >>> https://www.daat.ac.il/
> >>>
> >>> Celejar
> 
> I can confirm the problem, by the way.
> 
> >> Their webserver is misconfigured. AFAIR, if they don't support https,
> >> their server should redirect to http page. Instead, they throw 404 error.
> > Do you have a reference for this as required by the standards?
> 
> I don't think this is required by any standard.
> 
> But it's certainly bad practice: if they don't want to support https, 
> they should disable it, and not return a 404 error. It may not be a 
> requirement that the http and https content have to be the same, but it 
> certainly makes a lot of sense that they are.
> 
> So I'd agree that the website is misconfigured. You might try contacting 
> them.
> 
> Unlike the HTTPS Everywhere extension, that has a list of sites that 
> should be accessed only with https, the built-in Firefox function seems 
> to just try to make an https connection, and if it succeeds, assumes 
> (reasonably, IMHO) that the site supports https. Since 404 is a valid 
> response that in no way indicates lack of https support (on the 
> contrary), it then redirects everything to https.

Thank you. That was my analysis of the problem as well.

> The docs say you can disable https for a specific site: 
> https://blog.mozilla.org/security/2020/11/17/firefox-83-introduces-https-only-mode/ 

I tried the setting, but it didn't seem to work.

> . But if this happens a lot, it might be simpler to simply disable that 
> 
> Firefox feature. Not because it's buggy, but because it make reasonable 
> assumptions about websites' behaviours, which unfortunately are not 
> followed by everyone.

I may have to do that.

Celejar

Reply to:

References:
- Firefox HTTPS-only mode breaks sites that return 404 for HTTPS connections
  - From: Celejar <celejar@gmail.com>
- Re: Firefox HTTPS-only mode breaks sites that return 404 for HTTPS connections
  - From: piorunz <piorunz@gmx.com>
- Re: Firefox HTTPS-only mode breaks sites that return 404 for HTTPS connections
  - From: Celejar <celejar@gmail.com>
- Re: Firefox HTTPS-only mode breaks sites that return 404 for HTTPS connections
  - From: piorunz <piorunz@gmx.com>
- Re: Firefox HTTPS-only mode breaks sites that return 404 for HTTPS connections
  - From: Celejar <celejar@gmail.com>
- Re: Firefox HTTPS-only mode breaks sites that return 404 for HTTPS connections
  - From: Eduardo M KALINOWSKI <eduardo@kalinowski.com.br>

Prev by Date: Re: Firefox HTTPS-only mode breaks sites that return 404 for HTTPS connections
Next by Date: Re: Firefox HTTPS-only mode breaks sites that return 404 for HTTPS connections
Previous by thread: Re: Firefox HTTPS-only mode breaks sites that return 404 for HTTPS connections
Next by thread: Re: Firefox HTTPS-only mode breaks sites that return 404 for HTTPS connections
Index(es):
- Date
- Thread