Firefox 61.0.1 (64-bit) Forces the URI "http://new/" to "HTTPS://new/"
We have an intranet site that is named "new". This site does not support HTTPS.
With the update to version 61.0.1 typing "http://new/" into the browser forces "HTTPS://new/"
However I created another DNS name "new1" and everything works fine.
Downgraded to 60.0.2 and the issue goes away.
I've tested this on multiple machines with upgrades and fresh installs.
It appears that somewhere in the latest update, the URI "new" has been mapped to something. How do I fix this, the shortcut to that URI is in too many place to fix, and as more user's get updated to the latest version this is going to become a huge headache.
Thanks
Izmjenjeno
Svi odgovori (6)
Figured it out.
I'll leave this here for anyone you happens to google upon this.
Firefox 61 changed the HTST and now forces "new" to use HTTPS prior to even reaching out of the computer.
You can disable this by modifying "network.stricttransportsecurity.preloadlist" in about:config from true to false
This probably isn't super secure because that list also contains things like youtube and the google play store, but it buys me a time to fix my naming conventions.
So your site is just http://new and nothing else?
This seems wrong, doesn't it? While https://somedomain.new/ is forced to HTTPS at the request of the registry operator, I don't know why the "local" hostname http://new/ should be forced to HTTPS. Seems like a mistake.
Not that I think it will come up all that often, but you could consider filing a bug so you have the freedom to name one of your servers android or dev without having to get an SSL cert for it.
Yes and no.
The site has a proper FQDN, but the old support staff (some where around 12 years ago) was a bit lazy and mapped a bunch of shortcuts and user favorites to just http://new/<app name>. Which worked until now.
I get that this is probably a rare issue, but It was super annoying to work out why all of a sudden things stopped working and only for certain users.
Also after some more research I found that chrome is going to be implementing the same changes in version 69.
Networked_Greatness said
Also after some more research I found that chrome is going to be implementing the same changes in version 69.
Firefox uses Chrome's HSTS list, so I'm surprised Chrome isn't enforcing this yet. They always let Firefox go first on the unpopular stuff. ;-)
Just in case any one wants to follow I've submitted a bug report
Bug 1475450
See where that goes