www subdomain certificate mismatch redirects navigations #11443

@achristensen07

What is the issue with the HTML Standard?

If I load https://www.example.com/ and the TLS certificate says it is only valid for https://example.com/ then Chrome and Firefox will open https://example.com/ without prompting the user, whereas Safari and cURL both warn about an invalid certificate and fail to load. From examining Chromium source this seems limited to "www" subdomains. Loading an image or iframe from www.example.com with such a mismatch shows a failed load, so this seems to be limited to main frame navigations. This seems worth standardizing and aligning behavior on for increased interoperability.
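
For site operators who want to find hosts affected by the behavior described above, here is an added example (not part of the original issue, and not Chromium's or Firefox's code) that classifies a requested hostname against a certificate's DNS names. The function names and the sample name lists are assumptions constructed for illustration; only the "www" host with a bare-domain certificate case from the issue is flagged.

```python
# Added example: classify a hostname/certificate name mismatch.
# All names and SAN lists used with it are constructed sample data.

def _matches(pattern: str, host: str) -> bool:
    """RFC 6125-style match: exact, or a single left-most '*' label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # A wildcard covers exactly one label, so "*.example.com"
        # never matches the bare "example.com".
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def covered(host: str, san_dns_names: list[str]) -> bool:
    """True if any certificate DNS name covers the host."""
    return any(_matches(name, host) for name in san_dns_names)


def classify(host: str, san_dns_names: list[str]) -> str:
    """Return 'ok', 'www-mismatch' or 'mismatch' for a requested host.

    'www-mismatch' is the case from the issue: the certificate does not
    cover www.<domain> but does cover <domain>. Per the issue, Chrome and
    Firefox navigate to the bare domain here, while Safari and cURL fail.
    """
    if covered(host, san_dns_names):
        return "ok"
    normalized = host.lower().rstrip(".")
    if normalized.startswith("www."):
        bare = normalized[len("www."):]
        # Require at least two labels so "www.com" is not treated as a site.
        if "." in bare and covered(bare, san_dns_names):
            return "www-mismatch"
    return "mismatch"


if __name__ == "__main__":
    for host, names in [
        ("www.example.com", ["example.com"]),
        ("www.example.com", ["*.example.com"]),
        ("api.example.com", ["example.com"]),
    ]:
        print(host, names, "->", classify(host, names))
```

A result of `www-mismatch` marks a host that loads in some clients and fails in others; adding the `www` name to the certificate removes the difference.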

Labels

- interop: Implementations are not interoperable with each other
- security/privacy: There are security or privacy implications
- topic: navigation
