Roger Fink wrote:
When I try to reach this bookmarked URL in SeaMonkey,
http://www.kitco.com/market/ , I get the following instantaneous
message:

"Redirect Loop

Redirection limit for this URL exceeded.  Unable to load the requested
page. This may be caused by cookies that are blocked.

The browser has stopped trying to retrieve the requested item. The
site is redirecting the request in a way that will never complete.

 Have you disabled or blocked cookies required by this site?
NOTE: If accepting the site’s cookies does not resolve the problem,
it is likely a server configuration issue and not your computer."

The SM URL box displays http://www.kitco.com instead of
kitco.com/market. That's the home page of the site, and from there the
page I want is just one click in. Starting in safe mode makes no
difference.

Note that cookies are accepted normally.

In Firefox, Pale Moon and IE, http://www.kitco.com/market/ is accessed
normally, so I'm wondering if this is a problem with SeaMonkey (2.46),
and if there is a fix for it.

Something similar I've seen before can be resolved as follows (explanation after):
- Close SeaMonkey
- Open your profile directory (Help > Troubleshooting Info > "Show Folder" button next to "Profile Folder" under "Application Basics")
- From that folder, open the file "SiteSecurityServiceState.txt" using a plain text editor (e.g. Notepad++ or WordPad - not a word processor)
- Search for and delete any line containing "kitco.com"
- Save the file
- Start SeaMonkey
- Try opening <http://www.kitco.com/market/> again; if the problem is what I've seen before it should work

If that works, and you're interested why it might happen...

Last time I saw something like this it was because some pages on a certain site returned a "HTTP Strict Transport Security" or "HSTS" header indicating that all future requests (to any page on the site) should use HTTPS. However, some pages on the same site were redirected to HTTP if accessed via HTTPS. This forms a redirect loop:
- Enter URL using http://
- Browser requests the page using HTTPS because the server previously said all future requests should use HTTPS
- Server redirects to HTTP
- Browser requests the page using HTTPS because the server previously said all future requests should use HTTPS
- Server redirects to HTTP
- Repeat...

A similar loop can arise if a server stops setting the HSTS header and redirects all HTTPS pages to HTTP, since the browser (by design) remembers that HTTPS should always be used for that server. Either case is really a misconfiguration of the server, since it has indicated that all requests should use HTTPS, but is now redirecting HTTPS requests to HTTP. SiteSecurityServiceState.txt is where SeaMonkey remembers which sites have set the HSTS header, and deleting the lines for the problematic site makes it forget so it no longer forces use of HTTPS for that site.

A browser which has never been used to access the site via HTTPS won't see the problem, since it will never have received a response from the server including the HSTS header, so will just request the page via HTTP.

Simply having SeaMonkey recognise this kind of loop and use HTTP would defeat the point of HTTP Strict Transport Security, which is to prevent a connection from being downgraded from HTTPS to HTTP when the server has indicated HTTPS should always be used in future.

--
Mark.
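
The loop described in the reply above, as an added JavaScript simulation that is not part of the original message. The host `site.example`, its paths, the server behaviour and the redirect cap of 20 are all constructed for illustration; the `Set` stands in for the browser's remembered HSTS list.

```javascript
// Constructed server model for the hypothetical host "site.example":
//  - https://site.example/account  answers 200 and sets an HSTS header
//  - https://site.example/market/  redirects down to plain HTTP
//  - anything else                 answers 200 with no HSTS header
function server(url) {
  const u = new URL(url);
  if (u.protocol === "https:" && u.pathname === "/account") {
    return { status: 200, headers: { "strict-transport-security": "max-age=31536000" } };
  }
  if (u.protocol === "https:" && u.pathname === "/market/") {
    return { status: 302, headers: { location: "http://site.example/market/" } };
  }
  return { status: 200, headers: {} };
}

const REDIRECT_LIMIT = 20; // assumed cap, chosen for this example

// hstsHosts plays the role of the browser's stored HSTS entries
// (max-age expiry is ignored here to keep the model small).
function load(url, hstsHosts) {
  const trace = [];
  for (let hops = 0; hops <= REDIRECT_LIMIT; hops++) {
    const u = new URL(url);
    // The HSTS upgrade happens inside the browser, before any request is sent.
    if (u.protocol === "http:" && hstsHosts.has(u.hostname)) u.protocol = "https:";
    trace.push(u.href);
    const res = server(u.href);
    // The header is only honoured when it arrives over HTTPS.
    if (u.protocol === "https:" && res.headers["strict-transport-security"]) {
      hstsHosts.add(u.hostname);
    }
    if (res.status >= 300 && res.status < 400) {
      url = res.headers.location; // follow the redirect; it is upgraded again next pass
      continue;
    }
    return { ok: true, finalUrl: u.href, trace };
  }
  return { ok: false, error: "Redirect Loop", trace };
}

function demo() {
  const first = load("http://site.example/market/", new Set()); // profile that never saw HSTS
  const used = new Set();
  load("https://site.example/account", used);                   // profile learns HSTS
  const looped = load("http://site.example/market/", used);     // upgrade, redirect, upgrade...
  used.delete("site.example");                                  // same effect as deleting the host's line
  const fixed = load("http://site.example/market/", used);
  return { first, looped, fixed };
}
```

In the looping case every entry in `trace` is an `https://` URL: the server's downgrade never reaches the network because the browser upgrades it again first.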
