Chrome 44 cgi.https value changed from "on" for SSL traffic to "1" for all traffic

Weird issue, used to use a few cgi.https comparison with "on" as per https://msdn.microsoft.com/en-us/library/ms524602(v=vs.90).aspx which indicates it would be populated with on or off in IIS.

In Chrome 43 this used to return the value on for https and off for http, in chrome 44 the value has change to 1 for all traffic (https and http), nothing in the release notes from what I can see at https://chromium.googlesource.com/chromium/src/+log/43.0.2357.134..44.0.2403.89?pretty=fuller&n=10000


Update: Google acknowledge the issue and fixed it see http://src.chromium.org/viewvc/blink?view=revision&revision=199090

The "number" of websites the release broke is funny, as I would think it is "a lot", WooCommerce apparently was broken, as was any PHP or ColdFusion code using the cgi.https comparison.

Just as an FYI, I'm not sure what php.net did to their website in response, but their main google SERP says https://www.php.net which is unreachable with a base href of https but now that seems to be changed to https://secure.php.net


The issue occurred from Chrome Version 44.0.2403.89 on 21/Jul/2015 to approx. 44.0.2403.107 on 24/July /2015 when the header was renamed to "Upgrade-Insecure-Requests"

Another life long hack required for backward compatible websites, thanks.

Comments

Popular posts from this blog

cf_sql_timestamp vs cf_sql_date vs getdate()

Global SQL Procedure, System Objects and sp_ms_marksystemobject

Ghost Records, Card Recon and PCI Compliance