Nginx 重定向到非 https 地址在 Firefox 中失败 [英] Nginx redirect to non-https address failes in Firefox
问题描述
在当前使用 HTTPS 的网站上,我想将某些页面重定向到 HTTP,而不是在它们上使用 SSL.在 nginx 中,我是这样配置的:
On a website which currently is serving on HTTPS, I want to redirect some pages to HTTP and not use SSL on them. In nginx I configured it like this:
server{
listen 80;
server_name example.com;
location / {
root /var/some/where;
}
location /secure {
return 301 https://example.com$request_uri;
}
}
server{
listen 443 ssl;
server_name example.com;
include ssl_params;
location /secure {
root /var/some/where/secure;
}
location / {
return 301 http://example.com$request_uri;
}
}
使用 curl 我可以看到一切都很好,如下所示:
Using curl I can see everything is fine as follow:
$ curl -sIL https://example.com/ | grep HTTP
HTTP/1.1 301 Moved Permanently
HTTP/1.1 200 OK
$ curl -sIL http://example.com/ | grep HTTP
HTTP/1.1 200 OK
但是当我尝试在 Firefox 中打开 HTTPS url 时,我会收到此错误:
But when I try to open HTTPS url in Firefox, I'll get this error:
The page isn't redirecting properly.
Firefox has detected that the server is redirecting the request for this address in a way that will never complete.
This problem can sometimes be caused by disabling or refusing to accept cookies
使用私人窗口,当我第一次尝试在 HTTP 中打开 url 时,可以.但是一旦我刷新页面,它就会被重定向到 HTTPS 方案并且错误会再次出现.
Using a private window, when I try to open url in HTTP for the first time, is OK. But as soon as I refresh the page, It'll be redirected to HTTPS scheme and the error will appear again.
推荐答案
Considering Strict-Transport-Security: max-age=15768000 作为 curl -i -L 的结果> 在目标域上,这意味着 hsts 标头存在并且根据定义:
Considering Strict-Transport-Security: max-age=15768000 as result of curl -i -L on target domain, which means hsts header exists and by definition:
告诉您的浏览器始终通过 HTTPS 连接到特定域.攻击者无法降级连接,用户也无法忽略 TLS 警告.
tells your browser to always connect to a particular domain over HTTPS. Attackers aren’t able to downgrade connections, and users can’t ignore TLS warnings.
这篇关于Nginx 重定向到非 https 地址在 Firefox 中失败的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
