Chrome and Firefox automatically redirect to https on a certain site
I have a drupal site that runs on nginx and php-fpm with haproxy balancing between multiple servers.
I have two services set up for haproxy: http and https.
if i go to http://subdomain.domain.com, it works fine.
If I go to https://subdomain.domain.com, it also works fine. If I then go back to http it now redirects to https. This happens in firefox and chrome, but not in IE.Is there some setting somewhere that redirects to https automatically if it knows that it exists? Perhaps if a secure header is set?
I tried looking at LiveHTTPHeaders, but it only shows the https portion at this point.
I tried looking in Chrome, and it says this:t=1312233405229 [st= 0] +REQUEST_ALIVE [dt=192]
t=1312233405229 [st= 0] URL_REQUEST开发者_如何学编程_START_JOB [dt= 0]
--> load_flags = 1114241 (ENABLE_LOAD_TIMING | MAIN_FRAME | VALIDATE_CACHE | VERIFY_EV_CERT)
--> method = "GET"
--> priority = 0
--> url = "http://subdomain.domain.com/"
t=1312233405229 [st= 0] +URL_REQUEST_START_JOB [dt= 0]
--> load_flags = 1114241 (ENABLE_LOAD_TIMING | MAIN_FRAME | VALIDATE_CACHE | VERIFY_EV_CERT)
--> method = "GET"
--> priority = 0
--> url = "http://subdomain.domain.com/"
t=1312233405229 [st= 0] URL_REQUEST_REDIRECTED
--> location = "https://subdomain.domain.com/"
It seems to be doing a redirect, but doesn't say why.
I tried sniffing with Wireshark, but wasn't able to make any sense of it, as I can't get the SSL decryption to work (I have the key).
I have figured this out. I had a setting in nginx: add_header Strict-Transport-Security "max-age=7200"; This is a new feature supported by chrome and firefox 4: chromium.org/sts
精彩评论