[Webkit-unassigned] [Bug 272997] [GTK] https URL redirects to http without apparent reason
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Apr 22 07:19:31 PDT 2024
https://bugs.webkit.org/show_bug.cgi?id=272997
Patrick Griffis <pgriffis at igalia.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|INVALID |---
Status|RESOLVED |REOPENED
--- Comment #4 from Patrick Griffis <pgriffis at igalia.com> ---
I'm reopening this as I have a better understanding a bit.
What I believe is happening here:
- Request to https://foo
- Response is:
303
Location: http://bar
Strict-Transport-Security: ...
- WebKit handles redirect to http://bar
- libsoup upgrades http://bar to https://bar and emits hsts-enforced
- Webkit calls request.setURL() for https://bar
...
Somewhere along the way some state in WebKit just isn't updated to reflect this so it keeps using HTTP. I don't think an HTTP request is ever *sent* as libsoup repeatedly upgrades it.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20240422/82def9a8/attachment.htm>
More information about the webkit-unassigned
mailing list