Important Notice: We're experiencing email notification issues. If you've posted a question in the community forums recently, please check your profile manually for responses while we're working to fix this.

On Monday the 3rd of March, around 5pm UTC (9am PT) users may experience a brief period of downtime while one of our underlying services is under maintenance.

Avatar for Username

Kërkoni te Asistenca

Shmangni karremëzime gjoja asistence. S’do t’ju kërkojmë kurrë të bëni një thirrje apo të dërgoni tekst te një numër telefoni, apo të na jepni të dhëna personale. Ju lutemi, raportoni veprimtari të dyshimtë duke përdorur mundësinë “Raportoni Abuzim”.

Mësoni Më Tepër

Kjo rrjedhë është arkivuar. Ju lutemi, bëni një pyetje të re, nëse keni nevojë për ndihmë.

Why does Strict-Transport-Security not work on Firefox for Android?

  • 1 përgjigje
  • 1 e ka hasur këtë problem
  • 1 parje
  • Përgjigjja më e re nga wiwouchu

wiwouchu
wiwouchu
more options

Our internal server sends the Strict-Transport-Security header but it does not work on Firefox for Android. It works on the PC but not on the mobile phone. Max-Age is set to 31536000 seconds (1 year). Now when I access our servers via https, the browser saves the HSTS policy. Now I close Firefox on the PC and then I open Firefox and press F12 to see the connections. If I now access http://example-internal-server.local the browser overwrites the request with HTTPS as expected.

But on Firefox for Android it doesn't work as expected. On my mobile I open https://example-internal-server.local again so that the browser can save the HSTS policy. Now I close Firefox and reopen Firefox. Now I visit http://example-internal-server.local and expect Firefox to automatically convert the unsafe request to HTTPS because of HSTS. Which he's not. What's going on here?

Our internal server sends the Strict-Transport-Security header but it does not work on Firefox for Android. It works on the PC but not on the mobile phone. Max-Age is set to 31536000 seconds (1 year). Now when I access our servers via https, the browser saves the HSTS policy. Now I close Firefox on the PC and then I open Firefox and press F12 to see the connections. If I now access http://example-internal-server.local the browser overwrites the request with HTTPS as expected. But on Firefox for Android it doesn't work as expected. On my mobile I open https://example-internal-server.local again so that the browser can save the HSTS policy. Now I close Firefox and reopen Firefox. Now I visit http://example-internal-server.local and expect Firefox to automatically convert the unsafe request to HTTPS because of HSTS. Which he's not. What's going on here?

Ndryshuar nga wiwouchu

Krejt Përgjigjet (1)

wiwouchu
wiwouchu I zoti i pyetjes
more options

Okay, the problem is now half solved but only half solved. I had to create a PTR record for the domain. Now it works on the stable (default) Version of Firefox 60.0 on my mobile.

The new problem is now: How can I make it work in Firefox Nightly on my mobile phone? It does work on Nightly on the PC but not on my mobile. Or does Strict Transport Security (HSTS) generally not work on Nightly?

Ndryshuar nga wiwouchu