Issue 625165 link

Starred by 1 user

Issue metadata

Status:	WontFix
Owner:	----
Closed:	Jul 2016
EstimatedDays:	----
NextAction:	----
OS:	----
Pri:	3
Type:	Bug

HTTP to HTTPS redirection with port

Reported by benjamin...@gmail.com, Jul 1 2016

Issue description

Chrome Version       : 51.0.2704.103
URLs http://jenkins:8080/ internal
Other browsers tested:
    Firefox:OK version 41

What steps will reproduce the problem?
(1) Have a tomcat server with http on port 8080 and https on port 8443
(2) Have an application that redirect http to https through the web.xml
(3) Go to the application through the http url with port (8080), get redirected to the https port (8443), first time is ok
http://jenkins:8080/ => https://jenkins:8443/
(4) Go to the application through the http url with port (8080), get redirected to the https on port 8080, FAIL

What is the expected result?
Do not redirect to https if a port is present in the url, let the server do it since port cannot be determined

What happens instead?
Got redirected with protocol https on http port


Please provide any additional information below. Attach a screenshot if
possible.

net-internals-log.json
106 KB View Download

Comment 1 by b...@chromium.org, Jul 1 2016

Status: WontFix (was: Unconfirmed)

Sorry, this is working as intended.  It seems like there is an "HSTS" field in the first response (though it does not seem to be included in the net-internals-log, only the second response).  HSTS specification is RFC6797, which at Section 8.3 item 5 says 'if the URI contains an explicit port component that is not equal to "80", the port component value MUST be preserved'.

https://tools.ietf.org/html/rfc6797#section-8.3

►

Issue 625165 link

Issue metadata

HTTP to HTTPS redirection with port

Issue description

Comment 1 by b...@chromium.org, Jul 1 2016

Comment 1 Deleted

Sign in to add a comment