3

I've started noticing this behavior recently on. Even after accepting the cert, it appears to be invalidated by the browser upon switching to an insecure endpoint and back. For example:

  1. Navigate to https://example.com
  2. Accept cert (Chrome displays NET::ERR_CERT_COMMON_NAME_INVALID as the reason why the cert is invalid)
  3. Redirected to http://example.com
  4. Navigate to https://example.com/secure_url
  5. Initial page load works ok but cert seems to be invalidated as a result of this page load and we get net::ERR_INSECURE_RESPONSE in chrome.
  6. If the page is refreshed we have to accept the certificate again and at that point all of the assets that failed to load are available again.

This issue doesn't appear to be happening in Firefox and has't been reported in any other browser. Shouldn't the acceptance of the certificate be limited to once per session? Has Chrome's behavior in this case changed?

Issue on Chrome

devnull
  • 171
  • 8
  • Happening to me as well. I did notice, though, that it is not happening in Chrome Canary. Maybe a botched update? – David Peterman Jul 27 '15 at 20:44
  • I have the same issue since a few days. I also assume a bug in the latest Chrome update, 44.0.2403.107 m, which was released some days ago. – OliverM Jul 28 '15 at 11:39
  • Same error here. Started happening a few days ago. Ubuntu 14.04 LTS (64-bit). Chrome version 44.0.2403.125. – Kafoso Aug 05 '15 at 18:39
  • 1
    possible duplicate of [Determine if ajax call failed due to insecure response or connection refused](http://stackoverflow.com/questions/31058764/determine-if-ajax-call-failed-due-to-insecure-response-or-connection-refused) – Paul Sweatte Aug 07 '15 at 10:01

1 Answers1

0

Add this line in header of your website 

<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
Murugan Vellaisamy
  • 334
  • 3
  • 15