
Why does firefox immediately request https when I type in http URL?

I have an IIS7 ASP.NET webserver bound to both http and https.

So, I type in http://test35-control.musac.school.nz into Firefox 7.0.1. In the server logs I immediately see

2011-11-09 04:57:16 130.123.148.35 GET / - 443 - 130.123.96.22 Mozilla/5.0+(Windows+NT+6.1;+WOW64;+rv:7.0.1)+Gecko/20100101+Firefox/7.0.1 200 0 0 123

In Firebug, Net panel [with persist selected] shows the first request as https://test35-control.musac.school.nz/

So, Firefox seems to ignore the fact that I've asked for http and go to the https site instead. Why is that?

Probably answered on the net, but there are too many generic terms for googling...

The same seems to happen in all other browsers I have on hand too (IE8, Chrome, Opera).

O'Rooney asked Oct 23 '25 17:10


1 Answer

For posterity, an unlikely reason Firefox would issue the request to the typed URL over HTTPS (on default port 443) is if it had previously gotten a response from the server over HTTPS with the Strict-Transport-Security header with a max-age value that still applies.

To explain, to the best of my knowledge -- although I can't for the moment locate a Mozilla resource that definitely confirms this -- Firefox will by default use the HTTP protocol if you type an address. At least that can be confirmed empirically.

However, when a request is made over HTTPS and the response contains the aforementioned HTTP header, Firefox will, in compliance with the specification and for the time duration specified by max-age, always and only use HTTPS for every request to the server, never HTTP.

In your case, it might have happened that you were testing HTTPS and the server was configured to serve the header with some max-age value that hasn't expired -- Firefox will then basically behave as if you typed https:// in front of your otherwise scheme-unprefixed URL, not http:// as by default.

This behaviour is not Firefox-specific -- it applies to its contemporaries like Chrome, Opera, Vivaldi, Brave, and their derivatives, assuming they adhere to the same specification.

amn answered Oct 26 '25 12:10