Local URLs redirecting to HTTPS Topic is solved

This board is for discussions, bug reports, etc. for pre-releases of the v28 milestone building on UXP.
User avatar
adesh
Board Warrior
Board Warrior
Posts: 1277
Joined: 2017-06-06, 07:38

Local URLs redirecting to HTTPS

Unread post by adesh » 2018-07-24, 09:57

When accessing a resource like local.mysite.com/something hosted locally, the browser converts the request to HTTPS one. This results in SSL errors because generally development machines are not SSL/TLS enabled.
Please remove this feature. I don't think anyone would require this, so it can be disabled without any preference controlling it.

I guess this is being done using HTTS? If yes, disabling that is not an option.
I'd also like to know what the rationale was behind this (why did FF/Chrome implement this)?
Last edited by adesh on 2018-07-24, 10:01, edited 3 times in total.

User avatar
JustOff
Banned user
Banned user
Posts: 2083
Joined: 2015-09-03, 19:47
Location: UA

Re: Local URLs redirecting to HTTPS

Unread post by JustOff » 2018-07-24, 10:53

adesh wrote:When accessing a resource like local.mysite.com/something hosted locally, the browser converts the request to HTTPS one.
I've never seen such behavior, having both http and https running on localhost.

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35404
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: Local URLs redirecting to HTTPS

Unread post by Moonchild » 2018-07-24, 11:05

HSTS is usually declared domain-wide with subdomains. If you enable HSTS for your domain that way, then you must make sure everything on that domain is HTTPS, including "local" hosts. There is no distinction between behavior depending on what a host resolves to.
If you want to be more selective, then you must only set HSTS headers on specific hosts and exclude subdomains.

The rationale behind this is the standard. see RFC 6797
Last edited by Moonchild on 2018-07-24, 11:07, edited 2 times in total.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

User avatar
adesh
Board Warrior
Board Warrior
Posts: 1277
Joined: 2017-06-06, 07:38

Re: Local URLs redirecting to HTTPS

Unread post by adesh » 2018-07-24, 11:11

JustOff wrote:I've never seen such behavior, having both http and https running on localhost.
I forgot to put that in my post. Accessing the site via localhost kind of works, but that limits my machine's ability to serve multiple domains with their own configuration. URL router also gets messed up if, for example, both api.mysite.com and web.mysite.com are accessed using localhost.

User avatar
adesh
Board Warrior
Board Warrior
Posts: 1277
Joined: 2017-06-06, 07:38

Re: Local URLs redirecting to HTTPS

Unread post by adesh » 2018-07-24, 11:58

Ok, so HSTS is indeed enabled for our domain including subdomains (I talked with our admin). Confusion was because I was not seeing this behaviour in older Basilisk. Now, things are clearer. But still no solution, other than disabling the list.

Locked