Remove dom.security.https_only_mode_send_http_background_request from security level

Closed Issue created 1 year ago by Thorin

pierov

we already talked about this when enabling HTTPS Only #19850 (closed). I decided to tie it with the Security Level back then. The rationale is that we wanted bad relays to trick users to disable HTTPS Only manually just because of this error. However, I don't know if it's fit in the security level, we might want to revisit that.

/* 1246: disable HTTP background requests [FF82+]
 * When attempting to upgrade, if the server doesn't respond within 3 seconds, Firefox sends
 * a top-level HTTP request without path in order to check if the server supports HTTPS or not
 * This is done to avoid waiting for a timeout which takes 90 seconds
 * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1642387,1660945 ***/
user_pref("dom.security.https_only_mode_send_http_background_request", false);

test

standard =true
safer = false
safest = false

cc: @pierov close if happy

Remove dom.security.https_only_mode_send_http_background_request from security level

Linked items ... 0

Activity