0

I have currently setup a website with a ssl cert which does not support wildcards and points to the bare domain. Upon testing the URL on different browsers I noticed that when requesting the domain with the www subdomain (https://www ... ), which is not supported by the certificate, gets a response in chrome. So I looked up the requested url in the dev tools and found that chrome does request the url without the www subdomain. Is this normal behavior for Chrome?

On other browsers this behavior is not occurring. In Firefox and Internet Explorer I get the expected certificate error.

Improve this question

1 Answer 1

Reset to default
1

This is most probably not a problem with the certificate, but a Chrome "feature".

If you set Chrome to look at the flag chrome://flags/#omnibox-ui-hide-steady-state-url-trivial-subdomains, you will see this text:

Omnibox UI Hide Steady-State URL Trivial Subdomains

In the omnibox, hide trivial subdomains from steady state displayed URLs. Hidden portions are restored during editing. For Mac, this flag will have no effect unless MacViews is enabled. – Mac, Windows, Linux, Chrome OS, Android

Chrome considers "www" to be a "trivial subdomain", so hides it by default.

I don't have you website for testing, but disabling this flag might make Chrome avoid adding the "www." before the website name. If it is not enough, then Chrome is just overdoing its friendliness.

Improve this answer
2
  • This is not the case since Chrome does request the url without the subdomain. If Chrome would request the subdomain an error should occure because the certificate is not valid for the subdomain.
    – user3657850
    Commented Jan 31, 2019 at 18:47
  • The friendly Chrome tries several trivial subdomains such as www, with or without, until one works. Many browsers have some such optimizations.
    – harrymc
    Commented Jan 31, 2019 at 20:21

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .