Bug 272997
| Summary: | [GTK] https URL redirects to http without apparent reason | | |
|---|---|---|---|
| Product: | WebKit | Reporter: | Andres Gomez Garcia <agomez> |
| Component: | WebKitGTK | Assignee: | Nobody <webkit-unassigned> |
| Status: | REOPENED | | |
| Severity: | Normal | CC: | bugs-noreply, pgriffis |
| Priority: | P2 | | |
| Version: | WebKit Local Build | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |

Andres Gomez Garcia
I can reproduce this with MiniBrowser (and Epiphany) from Epiphany Technology Preview (org.gnome.Epiphany.Devel): 46.0-33-g1b2f8b81f+. WebKitGTK 2.44.1, GStreamer 1.22.11
In our corporate services we have all our services redirected from http to https; however, for a specific service, we experience that it redirects without explanation from https to http.
We don't experience this with other browsers (FF, Chrom*, ...).
For testing with our current services, please contact me directly in private.
Patrick Griffis
FWIW I tested the URL and could not reproduce this issue.
I tested both the stable Epiphany (46.0) and tech preview flatpaks.
Both http and https redirected to https.
So NEEDINFO.
Patrick Griffis
OK so I was able to reproduce, it has to do with HTTP authentication.
Patrick Griffis
This was a server configuration issue.
Patrick Griffis
I'm reopening this as I have a bit of a better understanding.
What I believe is happening here:
- Request to https://foo
- Response is:
      303
      Location: http://bar
      Strict-Transport-Security: ...
- WebKit handles redirect to http://bar
- libsoup upgrades http://bar to https://bar and emits hsts-enforced
- WebKit calls request.setURL() for https://bar
...
Somewhere along the way some state in WebKit just isn't updated to reflect this so it keeps using HTTP. I don't think an HTTP request is ever *sent* as libsoup repeatedly upgrades it.
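
The redirect sequence described in the last comment, as an added example that is not part of the bug report and is not WebKit or libsoup code: a small model of an RFC 6797 HSTS table applied to one redirect hop, showing that the `Location` value and the URL that is actually requested differ. The names `HstsStore` and `follow_redirect` are hypothetical, the host `svc.example` is constructed, and the example assumes the redirect target is on the same host that sent the `Strict-Transport-Security` header.

```python
from urllib.parse import urljoin, urlsplit

class HstsStore:
    """Toy known-HSTS-host table per RFC 6797 (a model, not libsoup's code)."""

    def __init__(self):
        self.hosts = {}  # host -> (expiry_time, include_subdomains)

    def note_header(self, response_url, header, now):
        url = urlsplit(response_url)
        if url.scheme != "https":  # STS received over plain HTTP is ignored
            return
        directives = {}
        for item in header.split(";"):
            name, _, value = item.strip().partition("=")
            directives[name.strip().lower()] = value.strip().strip('"')
        if not directives.get("max-age", "").isdigit():
            return
        max_age = int(directives["max-age"])
        if max_age == 0:  # max-age=0 removes the host from the table
            self.hosts.pop(url.hostname, None)
        else:
            self.hosts[url.hostname] = (now + max_age, "includesubdomains" in directives)

    def upgrade(self, target, now):
        url = urlsplit(target)
        if url.scheme != "http":
            return target
        labels = (url.hostname or "").split(".")
        for i in range(len(labels)):
            expiry, subdomains = self.hosts.get(".".join(labels[i:]), (0, False))
            if expiry > now and (i == 0 or subdomains):
                netloc = url.netloc.removesuffix(":80")  # explicit :80 becomes default 443
                return url._replace(scheme="https", netloc=netloc).geturl()
        return target

def follow_redirect(store, request_url, headers, now=0):
    """One redirect hop: returns (Location as sent, URL that actually goes on the wire)."""
    if "Strict-Transport-Security" in headers:
        store.note_header(request_url, headers["Strict-Transport-Security"], now)
    location = urljoin(request_url, headers["Location"])
    return location, store.upgrade(location, now)

# Constructed hop matching the comment: https request, 303 to http, STS header present.
store = HstsStore()
HOP = {"Location": "http://svc.example/app", "Strict-Transport-Security": "max-age=31536000"}
location, effective = follow_redirect(store, "https://svc.example/", HOP)
# Client state (displayed URL, cookie and mixed-content decisions) must use `effective`.
print(location, "->", effective)
```

A client that keeps `location` instead of `effective` as its current URL ends up in the state the comment describes: every request goes out over HTTPS while the rest of the browser still believes the page is HTTP.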