[Webkit-unassigned] [Bug 138535] HTTP only page being forced to HTTPS
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Sat Nov 8 10:23:01 PST 2014
https://bugs.webkit.org/show_bug.cgi?id=138535
Alexey Proskuryakov <ap at webkit.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |ap at webkit.org
Status|NEW |RESOLVED
Resolution|--- |INVALID
--- Comment #1 from Alexey Proskuryakov <ap at webkit.org> ---
I cannot reproduce this issue, http://devicefinder.eleboards.com opens normally in Safari on OS X Yosemite for me.
Is there an entry for eleboards.com in your ~/Library/Cookies/HSTS.plist file? This behavior is consistent with eleboards.com previously sending a Strict-Transport-Security HTTP response header to you - if it was marked "with subdomains", then devicefinder.eleboards.com is also subject to the restriction.
I verified that eleboards.com doesn't send this header now, so it was probably a temporary mistake made by the webmaster. Alternatively, only some pages on the site have it, and I just didn't happen to open the ones that do. One way or another, this is correct behavior for a web browser. All browsers that have seen such a response in the past will be affected.
Please see <http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security> for more information about strict transport security.
A workaround is to remove the HSTS.plist file, and then execute this command from Terminal:
killall -9 cookied
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20141108/e948b8eb/attachment-0002.html>
More information about the webkit-unassigned
mailing list