Den här webbplatsen har begränsad funktionalitet medan vi utför underhåll för att förbättra din upplevelse. Om en artikel inte löser ditt problem och du vill ställa en fråga har vi vår gemenskap som väntar på att hjälpa dig på @FirefoxSupport på Twitter, /r/firefox på Reddit.

Sök i support

Akta dig för supportbedrägerier: Vi kommer aldrig att be dig att ringa eller skicka ett sms till ett telefonnummer eller dela personlig information. Rapportera misstänkt aktivitet med alternativet "Rapportera missbruk".

Läs mer

Why does Strict-Transport-Security not work on Firefox for Android?

  • 1 svar
  • 1 har detta problem
  • 4 visningar
  • Senaste svar av wiwouchu

more options

Our internal server sends the Strict-Transport-Security header but it does not work on Firefox for Android. It works on the PC but not on the mobile phone. Max-Age is set to 31536000 seconds (1 year). Now when I access our servers via https, the browser saves the HSTS policy. Now I close Firefox on the PC and then I open Firefox and press F12 to see the connections. If I now access http://example-internal-server.local the browser overwrites the request with HTTPS as expected.

But on Firefox for Android it doesn't work as expected. On my mobile I open https://example-internal-server.local again so that the browser can save the HSTS policy. Now I close Firefox and reopen Firefox. Now I visit http://example-internal-server.local and expect Firefox to automatically convert the unsafe request to HTTPS because of HSTS. Which he's not. What's going on here?

Our internal server sends the Strict-Transport-Security header but it does not work on Firefox for Android. It works on the PC but not on the mobile phone. Max-Age is set to 31536000 seconds (1 year). Now when I access our servers via https, the browser saves the HSTS policy. Now I close Firefox on the PC and then I open Firefox and press F12 to see the connections. If I now access http://example-internal-server.local the browser overwrites the request with HTTPS as expected. But on Firefox for Android it doesn't work as expected. On my mobile I open https://example-internal-server.local again so that the browser can save the HSTS policy. Now I close Firefox and reopen Firefox. Now I visit http://example-internal-server.local and expect Firefox to automatically convert the unsafe request to HTTPS because of HSTS. Which he's not. What's going on here?

Ändrad av wiwouchu

Alla svar (1)

more options

Okay, the problem is now half solved but only half solved. I had to create a PTR record for the domain. Now it works on the stable (default) Version of Firefox 60.0 on my mobile.

The new problem is now: How can I make it work in Firefox Nightly on my mobile phone? It does work on Nightly on the PC but not on my mobile. Or does Strict Transport Security (HSTS) generally not work on Nightly?

Ändrad av wiwouchu