On Thu, 15 Apr 2021 09:31:11 -0300 Eduardo M KALINOWSKI <edua...@kalinowski.com.br> wrote:
> > On 15/04/2021 09:12, Celejar wrote: > > On Thu, 15 Apr 2021 11:16:59 +0100 > > piorunz <pior...@gmx.com> wrote: > > > >> On 15/04/2021 03:15, Celejar wrote: > >> > >>> http://www.daat.ac.il/ > >>> https://www.daat.ac.il/ > >>> > >>> Celejar > > I can confirm the problem, by the way. > > >> Their webserver is misconfigured. AFAIR, if they don't support https, > >> their server should redirect to http page. Instead, they throw 404 error. > > Do you have a reference for this as required by the standards? > > I don't think this is required by any standard. > > But it's certainly bad practice: if they don't want to support https, > they should disable it, and not return a 404 error. It may not be a > requirement that the http and https content have to be the same, but it > certainly makes a lot of sense that they are. > > So I'd agree that the website is misconfigured. You might try contacting > them. > > Unlike the HTTPS Everywhere extension, that has a list of sites that > should be accessed only with https, the built-in Firefox function seems > to just try to make an https connection, and if it succeeds, assumes > (reasonably, IMHO) that the site supports https. Since 404 is a valid > response that in no way indicates lack of https support (on the > contrary), it then redirects everything to https. Thank you. That was my analysis of the problem as well. > The docs say you can disable https for a specific site: > https://blog.mozilla.org/security/2020/11/17/firefox-83-introduces-https-only-mode/ > I tried the setting, but it didn't seem to work. > . But if this happens a lot, it might be simpler to simply disable that > > Firefox feature. Not because it's buggy, but because it make reasonable > assumptions about websites' behaviours, which unfortunately are not > followed by everyone. I may have to do that. Celejar
