Otdfbt

Dad jokes are fun

Are there any German nonsense poems (Jabberwocky)?

Variable declaraton with extra in C

Would Buddhists help non-Buddhists continuing their attachments?

Who knighted this Game of Thrones character?

Why is 'additive' EQ more difficult to use than 'subtractive'?

What did the 'turbo' button actually do?

Cardio work for Muay Thai fighters

Expected maximum number of unpaired socks

Is keeping the forking link on a true fork necessary (Github/GPL)?

Burned out due to current job, Can I take a week of vacation between jobs?

How to politely tell someone they did not hit reply all in email?

The disk image is 497GB smaller than the target device

Testing using real data of the customer

I want to know what marumaru means

“For nothing” = “pour rien”?

If I arrive in the UK, and then head to mainland Europe, does my Schengen visa 90 day limit start when I arrived in the UK, or mainland Europe?

Why does splatting create a tuple on the rhs but a list on the lhs?

What is the use case for non-breathable waterproof pants?

Using too much dialogue?

Is there a simple example that empirical evidence is misleading?

Can we assume that a hash function with high collision resistance also means highly uniform distribution?

One word for 'the thing that attracts me'?

Creating second map without labels using QGIS?

IMG loaded from HSTS domain on non-HTTPS site breaks site

HSTS on Amazon CloudFront from S3 originConfigure Apache to send HSTS header only in virtual hosts using HTTPSHSTS secured domain migrationIdeally, how should HSTS / SSL Everywhere / Let's encrypt work with captive Wifi portals?HSTS with canonical URL redirect in nginxUsing HSTS with Sub Domain ForwardingNginx - HSTS and Redirect non-www to wwwApache: HSTS redirection on non-standard HTTP port causes SSL errorHSTS: Is includeSubDomains on main domain sufficient?HSTS issues when redirecting to www. sub domain

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;

0

Would HSTS cause an entire site (browser) to redirect to its HTTPS counterpart if a single (or more) resource from an HSTS domain was inserted into a HTTP site - e.g. through an 'img' tag?

We have http://subdomain.example.com loading an image from http(s)://www.example.com and then, incorrectly, http://subdomain.example.com redirects to http(s)://subdomain.example.com (causing the page to essentially break - it doesn't load at all) when the image is loaded. If we remove the image from the HTML the site functions correctly.

Is this expected behaviour and the essence of HSTS?

Note: we see www.example.com and example.com in the browser HSTS cache/store when the site loads the image. Clearing this causes the site to work fine, but subsequent reloads of the page then break (assuming because the browser has identified the HSTS once, and subsequent calls will then redirect following the HSTS policy/nature).

hsts

share|improve this question

edited May 10 at 3:13

Michael Hampton♦

178k27322655

asked May 10 at 1:37

KinnectusKinnectus

235110

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  That depends. What have you set the headers to?
  
  – Michael Hampton♦
  May 10 at 3:09
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Thanks for the reply. I haven't set the headers but a quick look at the domain on a HSTS checker has a clue "includeSubDomains".
  
  – Kinnectus
  May 10 at 4:29
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Yes, that would do it.
  
  – Michael Hampton♦
  May 10 at 4:30
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  I had an epiphany to check that, in the middle of the night, when I was up tending to one of my kids who decided to wake up at 2am... Thank you for your quick responses
  
  – Kinnectus
  May 10 at 4:36
  

  
  
  
  

add a comment | 

0

Would HSTS cause an entire site (browser) to redirect to its HTTPS counterpart if a single (or more) resource from an HSTS domain was inserted into a HTTP site - e.g. through an 'img' tag?

We have http://subdomain.example.com loading an image from http(s)://www.example.com and then, incorrectly, http://subdomain.example.com redirects to http(s)://subdomain.example.com (causing the page to essentially break - it doesn't load at all) when the image is loaded. If we remove the image from the HTML the site functions correctly.

Is this expected behaviour and the essence of HSTS?

Note: we see www.example.com and example.com in the browser HSTS cache/store when the site loads the image. Clearing this causes the site to work fine, but subsequent reloads of the page then break (assuming because the browser has identified the HSTS once, and subsequent calls will then redirect following the HSTS policy/nature).

hsts

share|improve this question

edited May 10 at 3:13

Michael Hampton♦

178k27322655

asked May 10 at 1:37

KinnectusKinnectus

235110

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  That depends. What have you set the headers to?
  
  – Michael Hampton♦
  May 10 at 3:09
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Thanks for the reply. I haven't set the headers but a quick look at the domain on a HSTS checker has a clue "includeSubDomains".
  
  – Kinnectus
  May 10 at 4:29
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Yes, that would do it.
  
  – Michael Hampton♦
  May 10 at 4:30
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  I had an epiphany to check that, in the middle of the night, when I was up tending to one of my kids who decided to wake up at 2am... Thank you for your quick responses
  
  – Kinnectus
  May 10 at 4:36
  

  
  
  
  

add a comment | 

Would HSTS cause an entire site (browser) to redirect to its HTTPS counterpart if a single (or more) resource from an HSTS domain was inserted into a HTTP site - e.g. through an 'img' tag?

We have http://subdomain.example.com loading an image from http(s)://www.example.com and then, incorrectly, http://subdomain.example.com redirects to http(s)://subdomain.example.com (causing the page to essentially break - it doesn't load at all) when the image is loaded. If we remove the image from the HTML the site functions correctly.

Is this expected behaviour and the essence of HSTS?

Note: we see www.example.com and example.com in the browser HSTS cache/store when the site loads the image. Clearing this causes the site to work fine, but subsequent reloads of the page then break (assuming because the browser has identified the HSTS once, and subsequent calls will then redirect following the HSTS policy/nature).

hsts

share|improve this question

edited May 10 at 3:13

Michael Hampton♦

178k27322655

asked May 10 at 1:37

KinnectusKinnectus

235110

share|improve this question

edited May 10 at 3:13

Michael Hampton♦

178k27322655

asked May 10 at 1:37

KinnectusKinnectus

235110

share|improve this question

edited May 10 at 3:13

Michael Hampton♦

178k27322655

asked May 10 at 1:37

KinnectusKinnectus

235110

edited May 10 at 3:13

Michael Hampton♦

178k27322655

edited May 10 at 3:13

Michael Hampton♦

178k27322655

asked May 10 at 1:37

KinnectusKinnectus

235110

asked May 10 at 1:37

KinnectusKinnectus

235110