On 15/04/2021 09:12, Celejar wrote:
On Thu, 15 Apr 2021 11:16:59 +0100
piorunz <pior...@gmx.com> wrote:
On 15/04/2021 03:15, Celejar wrote:
http://www.daat.ac.il/
https://www.daat.ac.il/
Celejar
I can confirm the problem, by the way.
Their webserver is misconfigured. AFAIR, if they don't support https,
their server should redirect to http page. Instead, they throw 404 error.
Do you have a reference for this as required by the standards?
I don't think this is required by any standard.
But it's certainly bad practice: if they don't want to support https,
they should disable it, and not return a 404 error. It may not be a
requirement that the http and https content have to be the same, but it
certainly makes a lot of sense that they are.
So I'd agree that the website is misconfigured. You might try contacting
them.
Unlike the HTTPS Everywhere extension, that has a list of sites that
should be accessed only with https, the built-in Firefox function seems
to just try to make an https connection, and if it succeeds, assumes
(reasonably, IMHO) that the site supports https. Since 404 is a valid
response that in no way indicates lack of https support (on the
contrary), it then redirects everything to https.
The docs say you can disable https for a specific site:
https://blog.mozilla.org/security/2020/11/17/firefox-83-introduces-https-only-mode/
. But if this happens a lot, it might be simpler to simply disable that
Firefox feature. Not because it's buggy, but because it make reasonable
assumptions about websites' behaviours, which unfortunately are not
followed by everyone.
--
Canada Bill Jones's Motto:
It's morally wrong to allow suckers to keep their money.
Canada Bill Jones's Supplement:
A Smith and Wesson beats four aces.
Eduardo M KALINOWSKI
edua...@kalinowski.com.br