New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 501842 link

Starred by 60 users

Issue metadata

Status: Fixed
Owner:
Buried. Ping if important.
Closed: Oct 2015
Cc:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 2
Type: Bug-Regression


Show other hotlists

Hotlists containing this issue:
Hotlist-1
Hotlist-2


Sign in to add a comment

Redirect loop on some sites

Reported by bae...@gmail.com, Jun 18 2015

Issue description

UserAgent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2431.0 Safari/537.36

Example URL:
http://phpfashion.com/

Steps to reproduce the problem:
1. Update Chromium to version 45
2. Try to access phpfashion.com / latrine.cz / vitalita.cz (it might happen on some other sites as well)

What is the expected behavior?
All of those sites should load properly (they do load on other browsers and on most of Chrome Stable installations).

What went wrong?
Instead of loading the page, it throws an error: ERR_TOO_MANY_REDIRECTS.

Did this work before? Yes It worked in earlier Chromium versions - the current Chrome Stable version should work fine.

Chrome version: 45.0.2431.0  Channel: dev
OS Version: 6.3
Flash Version: Shockwave Flash 18.0 r0
 

Comment 1 by b...@chromium.org, Jun 18 2015

Labels: Needs-Bisect
I can reproduce the problem on 45.0.2431.0 dev, but works as intended on 44.0.2403.52 beta.  All of phpfashion.com, latrine.cz, and vitalita.cz.
Cc: nyerramilli@chromium.org
Labels: -Type-Bug -OS-Windows -Needs-Bisect Type-Bug-Regression OS-All M-45
Status: Untriaged
CHANGELOG URL:
  https://chromium.googlesource.com/chromium/src/+log/2bf04fe8252edd3e2ab249f180064b024b9e4933..8b783b2e23748758a66cfae948229f853de4acac

Blink CL:
http://build.chromium.org/f/chromium/perf/dashboard/ui/changelog_blink.html?url=/trunk&range=197020%3A197014

Unable to find the suspect, could someone please look into this issue.

Note: 
1. Able to reproduce this issue on Win7, Mac OS X 10.10.3, Ubuntu 14.04 using Chrome Dev and Canary 45.0.2435.5 (Official Build) canary (64-bit)
2. Issue broken in M45.

Comment 3 by b...@chromium.org, Jun 19 2015

Cc: jianli@chromium.org
Labels: -Cr-Internals-Network Hotlist-Webkit Type-Compat
Owner: haraken@chromium.org
Status: Assigned
Bisect points to the culprit https://crrev.com/1178923005 "Roll src/third_party/WebKit 83a722e3:102e755 (svn 196982:197021)".  Assigning to TBR of that CL.  Since it is a roll, further bisecting might be needed.  Issue can still be reproduced reliably on all of www.phpfashion.com, www.latrine.cz, and www.vitalita.cz.

Comment 4 by bae...@gmail.com, Jun 19 2015

It now happens on Chrome Dev for Android as well. 
Cc: haraken@chromium.org
Owner: mkwst@chromium.org
mkwst@: My best guess would be r197016, but would you mind taking a look? If your CL is innocent, please assign this back to me.



Comment 6 by mkwst@chromium.org, Jun 20 2015

Adding the `https: 1` header via curl gives the same response: the site redirects to itself. I don't understand why, but this is certainly a compatibility issue with these sites:

mini [21:23] Repo…ries/chro…sion $ curl -I http://phpfashion.com/
HTTP/1.1 200 OK
Server: openresty
Date: Sat, 20 Jun 2015 19:27:20 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
X-Powered-By: PHP/3.0.17
Vary: X-Requested-With,Accept-Encoding,User-Agent

mini [21:27] Repo…ries/chro…sion $ curl -I --header "HTTPS: 1" http://phpfashion.com/
HTTP/1.1 301 Moved Permanently
Server: openresty
Date: Sat, 20 Jun 2015 19:27:33 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 93
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
X-Powered-By: PHP/3.0.17
Vary: X-Requested-With,User-Agent
Location: http://phpfashion.com/

Comment 7 by bae...@gmail.com, Jun 21 2015

Found another site with this issue, this time located on a completely different server - http://aukro.cz

Comment 8 by mkwst@chromium.org, Jun 22 2015

I don't see that behavior on aukro.cz. It loads fine for me in Canary...

Comment 9 Deleted

Comment 10 by bae...@gmail.com, Jun 22 2015

Homepage works fine, but some pages have a redirect loop, for example:

http://aukro.cz/zabezpecovaci-systemy-10883?ref=simplified-category-tree
http://aukro.cz/vanessa-monogamy-1994-i5429422832.html

Comment 11 by mkwst@chromium.org, Jun 29 2015

Cc: ssamanoori@chromium.org
 Issue 505234  has been merged into this issue.

Comment 12 by mkwst@chromium.org, Jun 30 2015

 Issue 501095  has been merged into this issue.

Comment 13 by mkwst@chromium.org, Jun 30 2015

Cc: davidben@chromium.org jonathan.garbee@chromium.org
 Issue 504357  has been merged into this issue.

Comment 14 by mkwst@chromium.org, Jun 30 2015

Started a thread on public-webappsec@ to see about renaming the header: https://lists.w3.org/Archives/Public/public-webappsec/2015Jun/0075.html

Comment 15 by mkwst@chromium.org, Jun 30 2015

Status: Started

Comment 16 by d.ok...@gmail.com, Jul 9 2015

Version 45.0.2438.3 dev (64-bit), I can confirm issue on aukro.cz and other pages.

Gentoo linux, ~amd64.

Comment 17 by bae...@gmail.com, Jul 15 2015

Everything now seems to be fine after updating to 45.0.2454.6 dev-m.
Project Member

Comment 18 by bugdroid1@chromium.org, Jul 15 2015

The following revision refers to this bug:
  http://src.chromium.org/viewvc/blink?view=rev&rev=198924

------------------------------------------------------------------
r198924 | mkwst@chromium.org | 2015-07-15T04:48:45.509923Z

Changed paths:
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/loader/FrameFetchContext.cpp?r1=198924&r2=198923&pathrev=198924
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/loader/FrameFetchContextTest.cpp?r1=198924&r2=198923&pathrev=198924
   M http://src.chromium.org/viewvc/blink/trunk/LayoutTests/http/tests/security/upgrade-insecure-requests/resources/check-https-header.pl?r1=198924&r2=198923&pathrev=198924
   M http://src.chromium.org/viewvc/blink/trunk/LayoutTests/http/tests/security/upgrade-insecure-requests/resources/echo-https-header.pl?r1=198924&r2=198923&pathrev=198924
   M http://src.chromium.org/viewvc/blink/trunk/LayoutTests/http/tests/security/upgrade-insecure-requests/https-header-subresource.html?r1=198924&r2=198923&pathrev=198924
   M http://src.chromium.org/viewvc/blink/trunk/LayoutTests/http/tests/security/upgrade-insecure-requests/https-header-nested.html?r1=198924&r2=198923&pathrev=198924
   M http://src.chromium.org/viewvc/blink/trunk/LayoutTests/http/tests/security/upgrade-insecure-requests/resources/post-https-header.pl?r1=198924&r2=198923&pathrev=198924
   M http://src.chromium.org/viewvc/blink/trunk/LayoutTests/http/tests/security/upgrade-insecure-requests/https-header-auxiliary.html?r1=198924&r2=198923&pathrev=198924

UPGRADE: Rename the 'https' header.

The 'https' header broke a number of websites that depended on it not
being set. This patch renames the header to match the CSP directive for
which it advertises support[1].

[1]: https://w3c.github.io/webappsec/specs/upgrade/#preference

BUG= 501842 

Review URL: https://codereview.chromium.org/1235263002
-----------------------------------------------------------------

Comment 19 by hugh...@gmail.com, Jul 15 2015

Suddenly got the problem today on main Spanish consumer site. Had worked recently. Fine on firefox

https://www.ocu.org/

Comment 20 by mkwst@chromium.org, Jul 15 2015

Labels: -M-45 -Type-Compat M-44 Merge-Request-44 Merge-Request-45
Per discussion in the W3C, we've renamed the signaling header from `HTTPS` to `Upgrade-Insecure-Requests` to avoid unintended interactions with sites that are unexpectedly interpreting the `HTTPS` header.

This effects M44, and I'd like to merge the (really trivial, I promise!) patch back to M45 and M44. Penny, any chance of that happening (and apologies that it took so long to bikeshed a replacement name...)?

Comment 21 by mkwst@chromium.org, Jul 15 2015

 Issue 505268  has been merged into this issue.

Comment 22 by Deleted ...@, Jul 15 2015

45.0.2454.6 dev-m
Windows XP

confirm issue (ERR_TOO_MANY_REDIRECTS) on aukro.ua. 

http://aukro.ua/televizory-122928?ref=simplified-category-tree
http://aukro.ua/bytovaya-tehnika?ref=simplified-category-tree

Fine on stable and firefox.
Labels: -Merge-Request-44 Merge-Review-44 Hotlist-Merge-Review
[Automated comment] Less than 2 weeks to go before stable on M44, manual review required.
Labels: -Merge-Request-45 Merge-Approved-45 Hotlist-Merge-Approved
Approved for M45 (branch: 2454)
Project Member

Comment 25 by bugdroid1@chromium.org, Jul 16 2015

Labels: -Merge-Approved-45 merge-merged-2454
The following revision refers to this bug:
  http://src.chromium.org/viewvc/blink?view=rev&rev=199025

------------------------------------------------------------------
r199025 | mkwst@chromium.org | 2015-07-16T10:49:40.337769Z

Changed paths:
   M http://src.chromium.org/viewvc/blink/branches/chromium/2454/LayoutTests/http/tests/security/upgrade-insecure-requests/resources/post-https-header.pl?r1=199025&r2=199024&pathrev=199025
   M http://src.chromium.org/viewvc/blink/branches/chromium/2454/LayoutTests/http/tests/security/upgrade-insecure-requests/https-header-auxiliary.html?r1=199025&r2=199024&pathrev=199025
   M http://src.chromium.org/viewvc/blink/branches/chromium/2454/Source/core/loader/FrameFetchContext.cpp?r1=199025&r2=199024&pathrev=199025
   M http://src.chromium.org/viewvc/blink/branches/chromium/2454/Source/core/loader/FrameFetchContextTest.cpp?r1=199025&r2=199024&pathrev=199025
   M http://src.chromium.org/viewvc/blink/branches/chromium/2454/LayoutTests/http/tests/security/upgrade-insecure-requests/resources/check-https-header.pl?r1=199025&r2=199024&pathrev=199025
   M http://src.chromium.org/viewvc/blink/branches/chromium/2454/LayoutTests/http/tests/security/upgrade-insecure-requests/resources/echo-https-header.pl?r1=199025&r2=199024&pathrev=199025
   M http://src.chromium.org/viewvc/blink/branches/chromium/2454/LayoutTests/http/tests/security/upgrade-insecure-requests/https-header-subresource.html?r1=199025&r2=199024&pathrev=199025
   M http://src.chromium.org/viewvc/blink/branches/chromium/2454/LayoutTests/http/tests/security/upgrade-insecure-requests/https-header-nested.html?r1=199025&r2=199024&pathrev=199025

Merge 198924 "UPGRADE: Rename the 'https' header."

> UPGRADE: Rename the 'https' header.
> 
> The 'https' header broke a number of websites that depended on it not
> being set. This patch renames the header to match the CSP directive for
> which it advertises support[1].
> 
> [1]: https://w3c.github.io/webappsec/specs/upgrade/#preference
> 
> BUG= 501842 
> 
> Review URL: https://codereview.chromium.org/1235263002

TBR=mkwst@chromium.org

Review URL: https://codereview.chromium.org/1239933002
-----------------------------------------------------------------
Labels: -Merge-Review-44 -Hotlist-Merge-Review Merge-Approved-44
Merge approved for m44 branch 2403 (for next stable refresh).
Project Member

Comment 27 by bugdroid1@chromium.org, Jul 17 2015

Labels: -Merge-Approved-44 merge-merged-2403
The following revision refers to this bug:
  http://src.chromium.org/viewvc/blink?view=rev&rev=199090

------------------------------------------------------------------
r199090 | chrome-bot@google.com | 2015-07-17T07:35:11.015899Z

Changed paths:
   M http://src.chromium.org/viewvc/blink/branches/chromium/2403/LayoutTests/http/tests/security/upgrade-insecure-requests/https-header-subresource.html?r1=199090&r2=199089&pathrev=199090
   M http://src.chromium.org/viewvc/blink/branches/chromium/2403/LayoutTests/http/tests/security/upgrade-insecure-requests/https-header-nested.html?r1=199090&r2=199089&pathrev=199090
   M http://src.chromium.org/viewvc/blink/branches/chromium/2403/LayoutTests/http/tests/security/upgrade-insecure-requests/https-header-auxiliary.html?r1=199090&r2=199089&pathrev=199090
   M http://src.chromium.org/viewvc/blink/branches/chromium/2403/Source/core/loader/FrameFetchContext.cpp?r1=199090&r2=199089&pathrev=199090
   M http://src.chromium.org/viewvc/blink/branches/chromium/2403/Source/core/loader/FrameFetchContextTest.cpp?r1=199090&r2=199089&pathrev=199090

Merge 198924 "UPGRADE: Rename the 'https' header."

> UPGRADE: Rename the 'https' header.
> 
> The 'https' header broke a number of websites that depended on it not
> being set. This patch renames the header to match the CSP directive for
> which it advertises support[1].
> 
> [1]: https://w3c.github.io/webappsec/specs/upgrade/#preference
> 
> BUG= 501842 
> 
> Review URL: https://codereview.chromium.org/1235263002

TBR=mkwst@chromium.org

Review URL: https://codereview.chromium.org/1242553002
-----------------------------------------------------------------

Comment 28 by da...@smidovi.eu, Jul 22 2015

aukro.cz still gives me ERR_TOO_MANY_REDIRECTS on Chrome 44.0.2403.89 :
http://aukro.cz/listing/user/listing.php?us_id=39847239

Comment 29 by mkwst@chromium.org, Jul 22 2015

The fix didn't make it into the initial stable release; as #26 notes, it will be in the next stable refresh. So, soonish. :)
 Issue 512964  has been merged into this issue.
To be clear, since I worry I'm not explaining myself well...

Latest chrome release forces http://refusons.org to fetch resources over https, which fails and results in non-secure errors. Site is allowing for it, but not able to support it as it does not detail ssl certificate. Other browsers (and older Chrome) work fine as browsers permit either http or https and seeing no ssl fetches over http.

Thank you..

Comment 32 by Deleted ...@, Jul 23 2015

I can reproduce this issue with version 44.0.2403.89 (64-bit).

When I visit a website, that supports both, http and https but prefers http, I get a redirect-loop and in the end a too_many_redirects error from chrome, because it does request https even when the remote server answers in http.

Comment 33 Deleted

Comment 34 Deleted

Comment 35 Deleted

Comment 36 Deleted

Comment 37 Deleted

Comment 38 by Deleted ...@, Jul 23 2015

if you are the owner of domain you can fix this with add a line of code to .htaccess file

add "RequestHeader unset HTTPS"

Comment 39 Deleted

Comment 40 by Deleted ...@, Jul 23 2015

so what.. i should just wait?? lot of my sites had this issue and i can't risk that my sites don't work for visitors.. at first place i'm surprised that bug like this can be released in soft like chrome.. 

Comment 41 by Deleted ...@, Jul 23 2015

and even if they release the fix, there is still chance some % of users had the chrome versions that make this issue and my sites will not work for them.. so im happy there is that simple solution as add line of code to htaccess
Similar issues on this side. I'm surprised such a damaging bug made it to a stable build.

Comment 43 by mkwst@chromium.org, Jul 23 2015

Cc: penny...@chromium.org
I apologize for the breakage; I apparently underestimated the impact based on the feedback during dev and beta:

1. A fix has been merged back to the stable branch (http://src.chromium.org/viewvc/blink?view=revision&revision=199090), but not quickly enough for the stable release that went out on Tuesday. I'll raise this bug with our release managers to see what can be done with regard to updating the stable channel.

2. Going forward, Chrome will no longer send `HTTPS` headers (We renamed the header from `HTTPS` to `Upgrade-Insecure-Requests` in response to the reports we got during beta), so ,at least with regard to Chrome, something like #38's suggestion is a reasonable short-term workaround. I'd certainly recommend removing it once Chrome pushes an update, but it will mitigate the issue for the moment.


Confirming #38's workaround worked for us.

You'll let us know when the fix has been merged into the latest release?

Thank you. 
Hey mkwst,

Thanks for the clarification on the issue; its really reassuring to hear the chromium team is all over it.

Comment 46 by Deleted ...@, Jul 23 2015

Has anyone tried #38's workaround in IIS web.config?

Comment 47 Deleted

+Restrict-AddIssueComment-EditIssue?

Comment 49 Deleted

Comment 50 Deleted

Cc: songsuk@chromium.org
Unable to reproduce this on CrOS Daisy Device 7077.95.0/44.0.2403.90 Stable build

Song confirmed that this is not reproducible on the Dev Build 7262.13.0
45.0.2454.15 as well.

All these 3 sites phpfashion.com / latrine.cz / vitalita.cz loads correctly with out any redirects.
Bug reproduced on 44.0.2403.89 (64-bit) with the following domain set which are both aliases (CNAME) of the same server:

- http://mailing.fsma.pl (security error displayed - no HTTPS access to subdomain)
- http://newsletter.fsma.pl (works - no "real" HTTPS on the domain but a HTTPS URL is generated by Cloudflare)
Cc: dharani@chromium.org

Comment 54 Deleted

Comment 55 by jmcmu...@gmail.com, Jul 23 2015

Tried adding #38 tempfix to the httpd.conf file but still does not work.

Ex. https://www.eddiebauer.com/checkout/bag.jsp

Getting the ERR_TOO_MANY_REDIRECTS. Verified that we only have this issue with 44.0.2403.89 (64-bit). This is only happening when we go from http to https. Previous versions of Chrome work correctly as do other browsers (Firefox, IE, Safari).

Comment 57 by dymp...@gmail.com, Jul 24 2015

http://www.fieldtex-gateway.com/

feedback report sent 9:30 PM EDT # issue 501842 

Google Chrome	44.0.2403.90 (Official Build) (64-bit)
Revision	b91b71fcb85fcf703c5b2c4c48f43bec7ae28dcd
Platform	7077.95.0 (Official Build) stable-channel auron_yuna
Blink	537.36 (@2a6ea957194f0008cc4ab0763e0d35d29fe18310)


Comment 58 by dymp...@gmail.com, Jul 24 2015

1Mozilla/5.0 (X11; CrOS x86_64 7077.95.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.90 Safari/537.36

Add to #57 

Comment 59 by Deleted ...@, Jul 24 2015

Hi mkwst,

Is there an equivalent fix for IIS web.config? We have the same issue in our 3 sites.
Yes, update WooCommerce, this fixes it.
When will this fix be released? Is this the same bug as : 
https://code.google.com/p/chromium/issues/detail?id=513574
?

Thank you.

 Issue 513433  has been merged into this issue.
Hello all,

This fix patch is now live on M44 Desktop stable channel version 44.0.2403.107 (Win, Mac, Linux).

Comment 64 by jmcmu...@gmail.com, Jul 24 2015

This resolves my issue. Thank you so much!

Comment 65 by mattm...@gmail.com, Jul 25 2015

Version 44.0.2403.107 (64-bit) works. Thanks a lot! 

Comment 66 by mkwst@chromium.org, Jul 30 2015

Cc: mkwst@chromium.org brajkumar@chromium.org
 Issue 513466  has been merged into this issue.
 Issue 517526  has been merged into this issue.
Project Member

Comment 68 by bugdroid1@chromium.org, Aug 10 2015

Labels: merge-merged-2403_90
The following revision refers to this bug:
  http://src.chromium.org/viewvc/blink?view=rev&rev=200248

------------------------------------------------------------------
r200248 | amineer@chromium.org | 2015-08-10T16:07:37.451760Z

Changed paths:
   M http://src.chromium.org/viewvc/blink/branches/chromium/2403_90/LayoutTests/http/tests/security/upgrade-insecure-requests/https-header-subresource.html?r1=200248&r2=200247&pathrev=200248
   M http://src.chromium.org/viewvc/blink/branches/chromium/2403_90/LayoutTests/http/tests/security/upgrade-insecure-requests/https-header-nested.html?r1=200248&r2=200247&pathrev=200248
   M http://src.chromium.org/viewvc/blink/branches/chromium/2403_90/LayoutTests/http/tests/security/upgrade-insecure-requests/resources/post-https-header.pl?r1=200248&r2=200247&pathrev=200248
   M http://src.chromium.org/viewvc/blink/branches/chromium/2403_90/LayoutTests/http/tests/security/upgrade-insecure-requests/https-header-auxiliary.html?r1=200248&r2=200247&pathrev=200248
   M http://src.chromium.org/viewvc/blink/branches/chromium/2403_90/Source/core/loader/FrameFetchContext.cpp?r1=200248&r2=200247&pathrev=200248
   M http://src.chromium.org/viewvc/blink/branches/chromium/2403_90/Source/core/loader/FrameFetchContextTest.cpp?r1=200248&r2=200247&pathrev=200248
   M http://src.chromium.org/viewvc/blink/branches/chromium/2403_90/LayoutTests/http/tests/security/upgrade-insecure-requests/resources/check-https-header.pl?r1=200248&r2=200247&pathrev=200248
   M http://src.chromium.org/viewvc/blink/branches/chromium/2403_90/LayoutTests/http/tests/security/upgrade-insecure-requests/resources/echo-https-header.pl?r1=200248&r2=200247&pathrev=200248

Merge 198924 "UPGRADE: Rename the 'https' header."

> UPGRADE: Rename the 'https' header.
> 
> The 'https' header broke a number of websites that depended on it not
> being set. This patch renames the header to match the CSP directive for
> which it advertises support[1].
> 
> [1]: https://w3c.github.io/webappsec/specs/upgrade/#preference
> 
> BUG= 501842 
> 
> Review URL: https://codereview.chromium.org/1235263002

TBR=mkwst@chromium.org

Review URL: https://codereview.chromium.org/1280573003
-----------------------------------------------------------------
Project Member

Comment 69 by bugdroid1@chromium.org, Aug 10 2015

The following revision refers to this bug:
  http://src.chromium.org/viewvc/blink?view=rev&rev=200253

------------------------------------------------------------------
r200253 | amineer@chromium.org | 2015-08-10T17:13:30.868023Z

Changed paths:
   M http://src.chromium.org/viewvc/blink/branches/chromium/2403_90/LayoutTests/http/tests/security/upgrade-insecure-requests/https-header-subresource.html?r1=200253&r2=200252&pathrev=200253
   M http://src.chromium.org/viewvc/blink/branches/chromium/2403_90/LayoutTests/http/tests/security/upgrade-insecure-requests/https-header-nested.html?r1=200253&r2=200252&pathrev=200253
   M http://src.chromium.org/viewvc/blink/branches/chromium/2403_90/LayoutTests/http/tests/security/upgrade-insecure-requests/https-header-auxiliary.html?r1=200253&r2=200252&pathrev=200253
   M http://src.chromium.org/viewvc/blink/branches/chromium/2403_90/Source/core/loader/FrameFetchContext.cpp?r1=200253&r2=200252&pathrev=200253
   M http://src.chromium.org/viewvc/blink/branches/chromium/2403_90/Source/core/loader/FrameFetchContextTest.cpp?r1=200253&r2=200252&pathrev=200253

Merge 198924 "UPGRADE: Rename the 'https' header."

Previous merge was fine, but the branch it was merged to was based on the wrong
revision.  Deleted old branch, re-created based on right source, re-merging to
finalize this issue.

> UPGRADE: Rename the 'https' header.
> 
> The 'https' header broke a number of websites that depended on it not
> being set. This patch renames the header to match the CSP directive for
> which it advertises support[1].
> 
> [1]: https://w3c.github.io/webappsec/specs/upgrade/#preference
> 
> BUG= 501842 
> 
> Review URL: https://codereview.chromium.org/1235263002

TBR=mkwst@chromium.org

Review URL: https://codereview.chromium.org/1281293002
-----------------------------------------------------------------
Project Member

Comment 70 by bugdroid1@chromium.org, Aug 10 2015

Labels: merge-merged-2403_901
The following revision refers to this bug:
  http://src.chromium.org/viewvc/blink?view=rev&rev=200258

------------------------------------------------------------------
r200258 | amineer@chromium.org | 2015-08-10T18:21:35.921137Z

Changed paths:
   M http://src.chromium.org/viewvc/blink/branches/chromium/2403_901/Source/core/loader/FrameFetchContext.cpp?r1=200258&r2=200257&pathrev=200258
   M http://src.chromium.org/viewvc/blink/branches/chromium/2403_901/Source/core/loader/FrameFetchContextTest.cpp?r1=200258&r2=200257&pathrev=200258
   M http://src.chromium.org/viewvc/blink/branches/chromium/2403_901/LayoutTests/http/tests/security/upgrade-insecure-requests/https-header-subresource.html?r1=200258&r2=200257&pathrev=200258
   M http://src.chromium.org/viewvc/blink/branches/chromium/2403_901/LayoutTests/http/tests/security/upgrade-insecure-requests/https-header-nested.html?r1=200258&r2=200257&pathrev=200258
   M http://src.chromium.org/viewvc/blink/branches/chromium/2403_901/LayoutTests/http/tests/security/upgrade-insecure-requests/https-header-auxiliary.html?r1=200258&r2=200257&pathrev=200258

Merge 198924 "UPGRADE: Rename the 'https' header."

Merging to a one-off hack branch because git-svn hates you, it hates me,
it hates everybody.

> UPGRADE: Rename the 'https' header.
> 
> The 'https' header broke a number of websites that depended on it not
> being set. This patch renames the header to match the CSP directive for
> which it advertises support[1].
> 
> [1]: https://w3c.github.io/webappsec/specs/upgrade/#preference
> 
> BUG= 501842 
> 
> Review URL: https://codereview.chromium.org/1235263002

TBR=mkwst@chromium.org

Review URL: https://codereview.chromium.org/1287453005
-----------------------------------------------------------------
Cc: rtenneti@chromium.org cbentzel@chromium.org
 Issue 521006  has been merged into this issue.
 Issue 513623  has been merged into this issue.

Comment 73 by jmcmu...@gmail.com, Sep 11 2015

Re: #55 - Is there a solve for this without updating the browser. We have many customers that are still running 44.0.2403.1 and when they hit our shopping bag it appears that they are abandoning due to the bug. I guess we could sniff and alert, but was wondering if there was any other fix for those that refuse to upgrade.

Comment 74 Deleted

Comment 75 by hac...@gmail.com, Sep 12 2015

This solution was posted earlier and apparenly works:

Add the following to the .htaccess File for your web server:
RequestHeader unset HTTPS

Comment 76 by Deleted ...@, Sep 12 2015

Has been a long time since the first report.
adding: RequestHeader unset HTTPS in .htaccess doesn't solve my issue. 
any idea? very disappoint with this bug.
mkwst: Should this be marked as fixed?

rafassh: redirect loops can be caused by many potential sources. If actually the "https" header keep on this bug. Otherwise please open a new one. THanks
Not fixed in 45.0.2454.101 m. Seeing the redirect loop on http://www.12connect.com (homepage). Site is working fine on Firefox and Edge.
Status: Fixed
brautschloss: That page seems to have a problem distinct from the one which this bug is tracking. It's responding poorly to the `Accept-Language` header:

> curl -I -H "Accept-Language: en-US,en;q=0.8" http://www.12connect.com/

returns a 302 redirect to `http://www.12connect.com/en`, which redirects back to `http://www.12connect.com/`.

I don't think our `Accept-Language` behavior changed in 45. Perhaps that site has changed its code recently? If not, please file a new bug.

Comment 80 Deleted

Hi All
This message is critically urgent. The problem I am experiencing is ongoing and definitely occurring since July of this year. I am using chrome Version 46.0.2490.86 m  and am still receiving the error 

ERR_TOO_MANY_REDIRECTS

I am only receiving this error when I visit any page on my site http://www.ingobox.co.uk using the chrome browser. I type in directly into the address bar in chrome the following www.ingobox.co.uk .The issue does not arise with any other browser firefox, IE and safari. The problem is unique to the chrome browser. The problem can be temporarily removed by clearing the browser cache and cookies. 

This has been confirmed by third parties using chrome also. 
 
If this is genuinely a known outstanding chrome issue and someone can help with a solid solution then I'll be very grateful if you can post the solution here.

regards
Higgs
higgs12345: This bug was fixed in Chrome 44. If you're still seeing ERR_TOO_MANY_REDIRECTS, you have a different issue. Please file a separate bug at https://crbug.com/new and attach a net-internals log per these instructions:
https://dev.chromium.org/for-testers/providing-network-details

Comment 83 by Deleted ...@, Dec 5 2015

I'm getting the issue of my pages being forced to https and having a warning page.  I just noticed this was doing this when I searched a page on my site through bing and yahoo and the 'connection is not private' warning came up.  It does not do this when I search with google (which I've always done.)  I came across an article about the problem with chrome version 44 and that in 45 it would be fixed.  Well I'm currently using version 47 and getting this problem.  Will doing the .htaccess fix help my problem?  And not all my pages have the warning only some, it's weird.
tcgarner71: Please see comment #82 right above yours.

Sign in to add a comment