Where did you install Firefox from? Help Mozilla uncover 3rd party websites that offer problematic Firefox installation by taking part in our campaign. There will be swag, and you'll be featured in our blog if you manage to report at least 10 valid reports!

Avatar for Username

Tìm kiếm hỗ trợ

Tránh các lừa đảo về hỗ trợ. Chúng tôi sẽ không bao giờ yêu cầu bạn gọi hoặc nhắn tin đến số điện thoại hoặc chia sẻ thông tin cá nhân. Vui lòng báo cáo hoạt động đáng ngờ bằng cách sử dụng tùy chọn "Báo cáo lạm dụng".

Learn More

Chủ đề này đã được lưu trữ. Vui lòng hỏi một câu hỏi mới nếu bạn cần giúp đỡ.

Why does Strict-Transport-Security not work on Firefox for Android?

  • 1 trả lời
  • 1 gặp vấn đề này
  • 4 lượt xem
  • Trả lời mới nhất được viết bởi wiwouchu

wiwouchu
wiwouchu
more options

Our internal server sends the Strict-Transport-Security header but it does not work on Firefox for Android. It works on the PC but not on the mobile phone. Max-Age is set to 31536000 seconds (1 year). Now when I access our servers via https, the browser saves the HSTS policy. Now I close Firefox on the PC and then I open Firefox and press F12 to see the connections. If I now access http://example-internal-server.local the browser overwrites the request with HTTPS as expected.

But on Firefox for Android it doesn't work as expected. On my mobile I open https://example-internal-server.local again so that the browser can save the HSTS policy. Now I close Firefox and reopen Firefox. Now I visit http://example-internal-server.local and expect Firefox to automatically convert the unsafe request to HTTPS because of HSTS. Which he's not. What's going on here?

Our internal server sends the Strict-Transport-Security header but it does not work on Firefox for Android. It works on the PC but not on the mobile phone. Max-Age is set to 31536000 seconds (1 year). Now when I access our servers via https, the browser saves the HSTS policy. Now I close Firefox on the PC and then I open Firefox and press F12 to see the connections. If I now access http://example-internal-server.local the browser overwrites the request with HTTPS as expected. But on Firefox for Android it doesn't work as expected. On my mobile I open https://example-internal-server.local again so that the browser can save the HSTS policy. Now I close Firefox and reopen Firefox. Now I visit http://example-internal-server.local and expect Firefox to automatically convert the unsafe request to HTTPS because of HSTS. Which he's not. What's going on here?

Được chỉnh sửa bởi wiwouchu vào

Tất cả các câu trả lời (1)

wiwouchu
wiwouchu Người tạo câu hỏi
more options

Okay, the problem is now half solved but only half solved. I had to create a PTR record for the domain. Now it works on the stable (default) Version of Firefox 60.0 on my mobile.

The new problem is now: How can I make it work in Firefox Nightly on my mobile phone? It does work on Nightly on the PC but not on my mobile. Or does Strict Transport Security (HSTS) generally not work on Nightly?

Được chỉnh sửa bởi wiwouchu vào