-
Notifications
You must be signed in to change notification settings - Fork 9.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Default 404 response results in "Your connection to this site isn't secure" error #48096
Comments
What's the explanation if you click on that message? |
From app's logs the requests are both on Tls connections from Kestrel's point of view:
|
This is really strange. Here's my app: var builder = WebApplication.CreateBuilder(args);
var app = builder.Build();
app.MapGet("/", () => "Hello World!");
app.MapGet("/404", (HttpContext context) =>
{
context.Response.StatusCode = 404;
return Task.CompletedTask;
});
app.Run(); Here's the result in the browser. The one that's a 404 from Kestrel is "insecure". The one from the request pipeline is fine. |
I see both as insecure. In fact, any 4xx or 5xx response without a response body is flagged as insecure. Responses with a body are considered secure. This is consistent in Chrome and Edge. |
I do too as of this morning. I'm assuming this is a browser issue then. |
This is https://bugs.chromium.org/p/chromium/issues/detail?id=757279. Tl;dr: It's a known issue, of very low priority. If you want to avoid it, return some content on the error page rather than sending an empty body. |
The default 404 response returned when a request isn't handled results in a "Your connection to this site isn't secure" error in browsers. Is that expected?
Repro steps:
Expected result: 404 with no security warning
Actual result:
The text was updated successfully, but these errors were encountered: