[www.kde.org] [Bug 492145] New: networkcheck.kde.org has HSTS enabled, which breaks captive portals if you ever visit it with HTTPS

forestbeasts bugzilla_noreply at kde.org
Sat Aug 24 21:46:23 BST 2024


https://bugs.kde.org/show_bug.cgi?id=492145

            Bug ID: 492145
           Summary: networkcheck.kde.org has HSTS enabled, which breaks
                    captive portals if you ever visit it with HTTPS
    Classification: Websites
           Product: www.kde.org
           Version: unspecified
          Platform: Other
                OS: All
            Status: REPORTED
          Severity: normal
          Priority: NOR
         Component: general
          Assignee: kde-www at kde.org
          Reporter: forestbeasts at brightfur.net
  Target Milestone: ---

SUMMARY
networkcheck.kde.org has HSTS enabled, so if you ever visit it with HTTPS, your
browser will only try to load it with HTTPS, which breaks captive portals.

STEPS TO REPRODUCE
1. Visit https://networkcheck.kde.org.
2. Join a captive portaled wifi network (coffeeshop, etc.).

OBSERVED RESULT
https://networkcheck.kde.org has a certificate error.

EXPECTED RESULT
http://networkcheck.kde.org gets redirected by the captive portal to its own
login page.

SOFTWARE/OS VERSIONS
Linux/KDE Plasma: Fedora Linux 40
KDE Plasma Version: 6.1.4
KDE Frameworks Version: 6.5.0
Qt Version: 6.7.2

ADDITIONAL INFORMATION
This should be an easy fix – just turn off HSTS on networkcheck.kde.org. (This
won't help people who've already visited it with HTTPS, but eventually the HSTS
will expire and they'll be fine.)

You can tell HSTS is enabled by running `curl -v http://networkcheck.kde.org`
and looking for the Strict-Transport-Security header.

-- 
You are receiving this mail because:
You are the assignee for the bug.
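
The following is an added example, not part of the original report or KDE's code: it models a browser's HSTS store to show when a connectivity-check host ends up forced to HTTPS, including the `max-age=0` and parent-domain `includeSubDomains` cases. The hostnames and header values are constructed, and `parse_hsts` and `https_pin_seconds` are hypothetical helper names.

```python
import re

def parse_hsts(value):
    """Return (max_age, include_subdomains), or None if a client would ignore the header."""
    max_age, include_sub, seen = None, False, set()
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()
        if not name:
            continue
        if name in seen:                      # repeated directive: header is invalid
            return None
        seen.add(name)
        if name == "max-age":
            arg = arg.strip().strip('"')      # value may be a quoted-string
            if not re.fullmatch(r"[0-9]+", arg):
                return None
            max_age = int(arg)
        elif name == "includesubdomains":
            include_sub = True
    return None if max_age is None else (max_age, include_sub)

def https_pin_seconds(host, responses):
    """Replay (scheme, origin, header) responses in order; return the HSTS max-age covering host, else 0."""
    store = {}                                # origin -> (max_age, include_subdomains)
    for scheme, origin, header in responses:
        if scheme != "https" or not header:
            continue                          # RFC 6797: header over plain HTTP is ignored
        policy = parse_hsts(header)
        if policy is None:
            continue
        if policy[0] == 0:
            store.pop(origin, None)           # max-age=0 deletes the stored policy
        else:
            store[origin] = policy            # elapsed time between responses is not modelled
    return max((age for origin, (age, sub) in store.items()
                if origin == host or (sub and host.endswith("." + origin))), default=0)

# Constructed sample responses (hypothetical hosts and header values).
HOST = "networkcheck.example.org"
SAMPLE = [
    ("http", HOST, "max-age=31536000"),                               # plain HTTP: no effect
    ("https", HOST, "max-age=31536000"),                              # pins the host
    ("https", HOST, "max-age=0"),                                     # clears that pin
    ("https", "example.org", "max-age=15768000; includeSubDomains"),  # parent covers it
]

if __name__ == "__main__":
    print([https_pin_seconds(HOST, SAMPLE[:n]) for n in range(1, len(SAMPLE) + 1)])
```
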