Pascal, Are you saying that cas redirects to http://foo... and chrome changes the protocol to https://foo... ? And then it only waits 3s for a response??? That sounds like stupid chrome behaviour (but not unexpected).
When serviceValidate is called, it has to be called from https://foo... Are you sure there was no redirect to cas between the two tries (the ST would be different)? Simplest solution would be to configure your foo web server to change any http into https. Ray On Tue, 2023-11-07 at 12:44 +0100, 'Pascal Rigaux' via CAS Community wrote: Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information. Hi, Google Chrome has started trying https when asked http URLs : https://blog.chromium.org/2023/08/towards-https-by-default.html What is not clearly mentioned is the fallback on http: it will also happen if the https response is too slow (3 seconds). This impacted an application here that works on both https&http : https://cas/login?service=http://foo/ -> 302 http://foo/?ticket=XXX # Chrome tries https https://foo/?ticket=XXX -> the app calls serviceValidate with ticket=XXX -> the app also computes many slow things -> after 3s, Chrome aborts (you will see HTTP 499 in server logs) # Chrome retries in http http://foo/?ticket=XXX -> the app calls serviceValidate with ticket=XXX -> which fails In our cases, we did not really want the application to use http. The pb was due to a http/https rev-proxy in front of a http application. Correctly forcing the application to generate https service urls (*) fixes the issue. cu (*) with "SetEnv HTTPS on" for the Drupal -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org<mailto:cas-user+unsubscr...@apereo.org>. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/f688aa1c-0475-49be-b490-c6fdf05b2950%40univ-paris1.fr. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/2e9a93c8c58cbf0ad17f87da43996e8d37ce64e1.camel%40uvic.ca.