Om de ûnderfining foar jo te ferbetterjen is tydlik de funksjonaliteit dan dizze website troch ûnderhâldswurk beheind. Wannear in artikel jo probleem net oplost en jo in fraach stelle wolle, kin ús stipemienskip jo helpe yn @FirefoxSupport op Twitter en /r/firefox op Reddit.

Avatar for Username

Sykje yn Support

Mij stipescams. Wy sille jo nea freegje in telefoannûmer te beljen, der in sms nei ta te stjoeren of persoanlike gegevens te dielen. Meld fertochte aktiviteit mei de opsje ‘Misbrûk melde’.

Mear ynfo

Dizze konversaasje is argivearre. Stel in nije fraach as jo help nedich hawwe.

Why does Strict-Transport-Security not work on Firefox for Android?

  • 1 antwurd
  • 1 hat dit probleem
  • 1 werjefte
  • Lêste antwurd fan wiwouchu

wiwouchu
wiwouchu
more options

Our internal server sends the Strict-Transport-Security header but it does not work on Firefox for Android. It works on the PC but not on the mobile phone. Max-Age is set to 31536000 seconds (1 year). Now when I access our servers via https, the browser saves the HSTS policy. Now I close Firefox on the PC and then I open Firefox and press F12 to see the connections. If I now access http://example-internal-server.local the browser overwrites the request with HTTPS as expected.

But on Firefox for Android it doesn't work as expected. On my mobile I open https://example-internal-server.local again so that the browser can save the HSTS policy. Now I close Firefox and reopen Firefox. Now I visit http://example-internal-server.local and expect Firefox to automatically convert the unsafe request to HTTPS because of HSTS. Which he's not. What's going on here?

Our internal server sends the Strict-Transport-Security header but it does not work on Firefox for Android. It works on the PC but not on the mobile phone. Max-Age is set to 31536000 seconds (1 year). Now when I access our servers via https, the browser saves the HSTS policy. Now I close Firefox on the PC and then I open Firefox and press F12 to see the connections. If I now access http://example-internal-server.local the browser overwrites the request with HTTPS as expected. But on Firefox for Android it doesn't work as expected. On my mobile I open https://example-internal-server.local again so that the browser can save the HSTS policy. Now I close Firefox and reopen Firefox. Now I visit http://example-internal-server.local and expect Firefox to automatically convert the unsafe request to HTTPS because of HSTS. Which he's not. What's going on here?

Bewurke troch wiwouchu op

Alle antwurden (1)

wiwouchu
wiwouchu Fraacheigener
more options

Okay, the problem is now half solved but only half solved. I had to create a PTR record for the domain. Now it works on the stable (default) Version of Firefox 60.0 on my mobile.

The new problem is now: How can I make it work in Firefox Nightly on my mobile phone? It does work on Nightly on the PC but not on my mobile. Or does Strict Transport Security (HSTS) generally not work on Nightly?

Bewurke troch wiwouchu op