<html>
    <head>
      <base href="https://bugs.webkit.org/" />
    </head>
    <body><span class="vcard"><a class="email" href="mailto:ap@webkit.org" title="Alexey Proskuryakov <ap@webkit.org>"> <span class="fn">Alexey Proskuryakov</span></a>
</span> changed
              <a class="bz_bug_link 
          bz_status_RESOLVED  bz_closed"
   title="RESOLVED INVALID - HTTP only page being forced to HTTPS"
   href="https://bugs.webkit.org/show_bug.cgi?id=138535">bug 138535</a>
        <br>
             <table border="1" cellspacing="0" cellpadding="8">
          <tr>
            <th>What</th>
            <th>Removed</th>
            <th>Added</th>
          </tr>

         <tr>
           <td style="text-align:right;">CC</td>
           <td>
                
           </td>
           <td>ap@webkit.org
           </td>
         </tr>

         <tr>
           <td style="text-align:right;">Status</td>
           <td>NEW
           </td>
           <td>RESOLVED
           </td>
         </tr>

         <tr>
           <td style="text-align:right;">Resolution</td>
           <td>---
           </td>
           <td>INVALID
           </td>
         </tr></table>
      <p>
        <div>
            <b><a class="bz_bug_link 
          bz_status_RESOLVED  bz_closed"
   title="RESOLVED INVALID - HTTP only page being forced to HTTPS"
   href="https://bugs.webkit.org/show_bug.cgi?id=138535#c1">Comment # 1</a>
              on <a class="bz_bug_link 
          bz_status_RESOLVED  bz_closed"
   title="RESOLVED INVALID - HTTP only page being forced to HTTPS"
   href="https://bugs.webkit.org/show_bug.cgi?id=138535">bug 138535</a>
              from <span class="vcard"><a class="email" href="mailto:ap@webkit.org" title="Alexey Proskuryakov <ap@webkit.org>"> <span class="fn">Alexey Proskuryakov</span></a>
</span></b>
        <pre>I cannot reproduce this issue, <a href="http://devicefinder.eleboards.com">http://devicefinder.eleboards.com</a> opens normally in Safari on OS X Yosemite for me.

Is there an entry for eleboards.com in your ~/Library/Cookies/HSTS.plist file? This behavior is consistent with eleboards.com previously sending a Strict-Transport-Security HTTP response header to you - if it was marked "with subdomains", then devicefinder.eleboards.com is also subject to the restriction.

I verified that eleboards.com doesn't send this header now, so it was probably a temporary mistake made by the webmaster. Alternatively, only some pages on the site have it, and I just didn't happen to open the ones that do. One way or another, this is correct behavior for a web browser. All browsers that have seen such a response in the past will be affected.

Please see <<a href="http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security">http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security</a>> for more information about strict transport security.

A workaround is to remove the HSTS.plist file, and then execute this command from Terminal:

killall -9 cookied</pre>
        </div>
      </p>
      <hr>
      <span>You are receiving this mail because:</span>
      
      <ul>
          <li>You are the assignee for the bug.</li>
      </ul>
    </body>
</html>