Captive network account (w/ login redirect) and HSTS
- Date: Sun, 2 Apr 2017 18:36:25 +0200
- From: Marc SCHAEFER <schaefer@xxxxxxxxxxx>
- Subject: Captive network account (w/ login redirect) and HSTS
with a basic Debian jessie install and a recent Firefox, I observe the
 Debian has no specific support for detecting captive networks
(e.g. Android, iOS) and automatically redirecting the browser to
the captive login page
 launching Firefox on the default page doesn't work (doesn't get
redirected properly to the login page but fails with an HTTPS
certificate error), if there is a recent HSTS[*] security
configuration cache for the default domain page (e.g. google.com)
 is not really an issue: I wouldn't like myself that connecting to
a WiFi captive network starts a browser. Also, open captive networks are
messing up, dangerous, a WPA/RADIUS auth would be much better.
However, open captive networks are quite common in hotels, airports,
parks, etc. So it cannot be dismissed.
 the only fix is to type a URL you know is HTTP, not HTTPS and does
not configure HSTS, and does not support DNSSEC. In my case I used
Maybe this could be in the Debian User manual somehow?
Feel free to contact me if you want help in writing the documentation.
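
The following is an added example, not part of the original message: a Python sketch of the two checks the message implies, namely whether a URL can serve as a login-page trigger (plain HTTP, host not covered by an HSTS cache entry) and how to classify the reply to such a probe. The HSTS cache contents, hostnames and function names are constructed for illustration; the DNSSEC condition is not modelled.

```python
"""Captive-portal probe checks (added example; names and sample data are constructed)."""
from urllib.parse import urljoin, urlsplit

# Constructed stand-in for a browser's HSTS cache: host -> includeSubDomains flag.
HSTS_CACHE = {"google.com": True, "static.example": False}

def hsts_upgrades(host, cache=HSTS_CACHE):
    """True if the browser would rewrite http://host to https:// before sending."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        name = ".".join(labels[i:])
        # Exact entry always applies; a parent entry only with includeSubDomains.
        if name in cache and (i == 0 or cache[name]):
            return True
    return False

def usable_probe(url, cache=HSTS_CACHE):
    """A probe must be plain HTTP and its host must not be covered by HSTS."""
    parts = urlsplit(url)
    if parts.scheme != "http" or not parts.hostname:
        return False
    return not hsts_upgrades(parts.hostname, cache)

def classify_response(probe_url, status, headers, body, expected_body):
    """Classify the reply to a plain-HTTP probe whose normal body is known."""
    headers = {k.lower(): v for k, v in headers.items()}
    location = headers.get("location")
    if 300 <= status < 400 and location:
        target = urljoin(probe_url, location)  # resolve relative redirects
        if urlsplit(target).hostname != urlsplit(probe_url).hostname:
            return ("captive", target)   # sent to the portal's login page
        return ("redirect", target)      # same-host redirect, inconclusive
    if status == 200 and body == expected_body:
        return ("open", None)            # reply arrived unmodified
    return ("captive", None)             # reply replaced in place by the portal
```
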