On Sun, Apr 02, 2017 at 06:36:25PM +0200, Marc SCHAEFER wrote:
Hello,with a basic Debian jessie install and a recent Firefox, I observe the following: [1] Debian has no specific support for detecting captive networks (e.g. Android, iOS) and redirecting automatically the browser to the captive login page [2] launching Firefox on the default page doesn't work (doesn't get redirected properly to the login page but fails with a HTTPS certificate error), if there is a recent HSTS[*] security configuration cache for the default domain page (e.g. google.com) [1] is not really an issue: I wouldn't like myself that connecting to a WiFi captive network starts a browser. Also, open captive networks are messing up, dangerous, a WPA/RADIUS auth would be much better. However, open captive networks are quite commons in hotels, airports, parks, etc. So it cannot be dismissed. [2] the only fix is to type an URL you know is HTTP, not HTTPS and does not configure HSTS, and does not support DNSSEC. In my case I used ptiturl.ch Maybe this could be in the Debian User manual somehow? Feel free to contact me if you want help in writing the documentation. https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
I believe the way Android works is, when the network interface changes, a request is fired off to a known page on Google. If that page returns a known HTTP code (200, I think), then everything is OK. But if it returns 301 (Moved Permanently), 302 (Found) or, preferably 511 (Network Authentication Required), then a one-shot browser is opened. I think this would be a great feature request for Network-Manager (which has the abiliity to monitor the network AND has a GUI AND is part of the default Debian). -- For more information, please reread.
