[英]Can Chrome or FireFox force https request instead of http request?
I have pretty strange situation. 我的情况很奇怪。 I'm working on domain example.net and some of its pages are delivered via https and some over http (but http resources can be accessed using https too).
我正在使用example.net域,它的某些页面是通过https传递的,有些是通过http传递的(但是也可以使用https访问http资源)。 When I access page http://example.net/page1.html delivered using http protocol Chrome executes HTTP request.
当我访问使用http协议传送的页面http://example.net/page1.html时, Chrome会执行HTTP请求。 Then, when I access https://example.net/page2.html via HTTPS Chrome executes HTTPS request.
然后,当我通过HTTPS访问https://example.net/page2.html时 ,Chrome执行HTTPS请求。 Till now everything is as it should be.
到现在为止一切都应该是应该的。 I then try to access http://example.net/page1.html via HTTP but Chrome executes HTTPS request.
然后,我尝试通过HTTP访问http://example.net/page1.html ,但Chrome执行HTTPS请求。
My first thought was that http://example.net/page1.html redirects to https://example.net/page1.html but this is not the case. 我首先想到的是http://example.net/page1.html重定向到https://example.net/page1.html,但事实并非如此。 Here's list of things I've checked:
这是我检查过的东西的清单:
Is there some new security policy, server header etc. that forces Chrome and FireFox to force https after browser finds out that server responds to https? 浏览器发现服务器响应https后,是否有一些新的安全策略,服务器标头等强制Chrome和FireFox强制https? I'm working on newest Chrome (33.0.1750.154) and FF (28.0).
我正在使用最新的Chrome(33.0.1750.154)和FF(28.0)。
As it turns out there's a header web server can set during HTTPS response to tell browser to force HTTPS on all requests. 事实证明,可以在HTTPS响应期间设置标头Web服务器,以告诉浏览器在所有请求上强制使用HTTPS。 You can read more about it here HTTP Strict Transport Security
您可以在此处了解更多有关HTTP严格传输安全性的信息
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.