2017-02-27 - Re: [GRASE-Hotspot] Re: issues with https login with Facebook

Header Data

From: Timothy White <ti***8@gmail.com>
Message Hash: 6dd580f644491ba71d0b0a8cb7c550e182b66846092f2eb55bd96e82a79d7e4b
Message ID: <CAESLx0JsrT98K8EtsBafwTcgByYU_jyUMz1TzENhPGmdtRTUDA@mail.gmail.com>
Reply To: <ff5b60e8-5357-4d6e-af17-786ed1af5f76@grasehotspot.org>
UTC Datetime: 2017-02-27 04:36:11 UTC
Raw Date: Mon, 27 Feb 2017 21:36:11 +1000

Raw message 

Hi Daniel

It's really odd the error you are getting. The first part suggests that
your browser attempted to access http://www.facebook.com, and due to HSTS
Firefox is forcing you to HTTPS. However, the certificate for HTTPS fails.
Except, that's where I get confused. There shouldn't be a HTTPS service
running on the hotspot to give a certificate, it should be a redirect on
the HTTP level, and if firefox upgrades to HTTPS, it should timeout. Do you
have any services on the Grase server running on port 443?

Unfortunately, (or fortunately, depending on your POV), with the move
towards SSL and HSTS, captive portals are becoming harder to make work.
However, the good news is that modern OS's are aware of this, and are
working to better support them. This includes Android, iOS and Windows (8
and newer I think) sending out probe requests to first detect a captive
portal, when a new network connection is made. This just means clients on
older OS's don't always get a good experience, as the sites they often load
are HTTPS only (HSTS), and so the captive portal redirection just doesn't
work properly.

I actively look at captive portal detection methods, to ensure that the
Grase Hotspot is using as many as possible, but if you find ones that we
aren't using, let me know and I'll do my best to implement them.

Regards

Tim

On Mon, Feb 27, 2017 at 5:23 AM, Daniel Crusoe <di***n@gmail.com>
wrote:

>
> <https://lh3.googleusercontent.com/-zQHQ3GTHEZw/WLMq4i6kV1I/AAAAAAAAgpY/fJBjDUDtv1UIBIJopE626FbxPnfK0E65wCLcB/s1600/internet%2Bfault.jpg>
>
>
> <https://lh3.googleusercontent.com/-zQHQ3GTHEZw/WLMq4i6kV1I/AAAAAAAAgpY/fJBjDUDtv1UIBIJopE626FbxPnfK0E65wCLcB/s1600/internet%2Bfault.jpg>
> sigh... so it worked fine for a day, then the whole network just stopped
> working.. so i uninstalled grase, updated the server to the latest 14.04
> stuff and then re-installed grase (most of the settings remained yay) but
> when i tried to connect to facebook from inside the grase network i got
> this error again (cant believe i didnt post it the first time)
>
>
>
> --
> This mailing list is for the Grase Hotspot Project http://grasehotspot.org
> ---
> You received this message because you are subscribed to the Google Groups
> "Grase Hotspot" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to gr***e@grasehotspot.org.
> To post to this group, send email to gr***t@grasehotspot.org.
> Visit this group at https://groups.google.com/a/
> grasehotspot.org/group/grase-hotspot/.
> To view this discussion on the web visit https://groups.google.com/a/
> grasehotspot.org/d/msgid/grase-hotspot/ff5b60e8-5357-
> 4d6e-af17-786ed1af5f76%40grasehotspot.org
> <https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/ff5b60e8-5357-4d6e-af17-786ed1af5f76%40grasehotspot.org?utm_medium=email&utm_source=footer>
> .
>

Thread