2

I seem to have a rather specific issue that I haven't been able to fix. since the last Firefox update (67.0) Firefox seems to redirect requests to a local corporate site to https. Because this site doesn't use https we are then welcomed by a HSTS error. The redirect occurs for a dns "search", the redirect however doesn't occure for a different binding "search.companyname.local", the IIS webserver also contains sites with other single name domains ("tools" for example) which have the same configuration, 2 bindings, one for the single name, one with ".companyname.local" added. These however don't get a redirect to https from firefox.

The version of IIS used is 8.5.9600.16384

Would you have any suggestions how we could resolve the issue? Thanks!

Improve this question
1

1 Answer 1

Reset to default
1

Looks like I found the answer to my problem. Apparently Firefox added http://search to their HSTS preload list:

https://hg.mozilla.org/mozilla-central/file/tip/security/manager/ssl/nsSTSPreloadList.inc

https://hstspreload.org/?domain=search

So it seems like there isn't really going to be a way for me to avoid this issue. I'll have to start using a different domain name.

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .