Chrome won't let me visit a site using HTTPs if the site only offers HTTP

[Tim Romano]

One of my customers has a firewall that blocks outgoing HTTP traffic to certain "social" sites, like YouTube.  They don't want their employees visiting these sites regularly but I'm visiting the website as part of what I'm working on for them, so there's not a problem.

To get around their firewall, I've simply been typing HTTPS in front of the URL instead of HTTP, since they didn't block HTTPS. However, Google Chrome insists on redirecting me to Google when I try this. At first Chrome gave me a stern warning about the risks of unsafe surfing, yet presented me with a choice: proceed anyway or stop. I chose "proceed anyway" but Chrome did not honor that decision and redirected me to Google. Now it does so automatically.

I'm OK with the warning about the site not being secure, but not with the hijack. 

[krtulmay]

@Tim, you are confused about what's going on, and your post title does
not really match your description of what is happening.

In fact, no browser will allow you to use HTTPS to visit an HTTP only
website. Moreover, this is not a functionality of any browser at
all. If a website is HTTP only, trying to visit it using HTTPS will
result in plain failure.

The redirection of https://www.youtube.com to Google homepage has
nothing to do with Chrome browser. This is just the YouTube website
setup on the website owner's side (which happens to be Google). This
redirection happens from the YouTube website and happens for all
browsers.

This issue has nothing to do with Chrome browser, and is certainly not
a hijack.

[Tim Romano]

I stand corrected.  I thought it was some "intelligence" in Chrome.

What I don't understand --and this may be better asked somewhere else-- is why YouTube/Google would not accept the connection, unsecure, after warning me that it was insecure and then asking me if I wanted to proceed anyway;  they know I have reached YouTube, right, and not some other site that may have been trying to trick me?

[Pavel Ivanov]

> What I don't understand --and this may be better asked somewhere else-- is
> why YouTube/Google would not accept the connection

Your assumption here is incorrect. YouTube accepts connection and even
starts communication with the browser. That's why you see warning
about wrong certificate - server sends to the browser certificate for
SSL communication. If you look at that certificate you'll see that
it's issued to *.google.com, i.e. it's perfectly valid certificate for
Google, just youtube.com is not a sub-domain for Google domain. And
the only thing that could require explanation here is why after
setting up SSL connection it redirects you to google.com (not even
using https)...

Pavel

> --
> Chromium Discussion mailing list: chromium...@chromium.org
> View archives, change email options, or unsubscribe:
> http://groups.google.com/a/chromium.org/group/chromium-discuss
>

[Simon B.]

> the only thing that could require explanation here is why after
> setting up SSL connection it redirects you to google.com (not even
> using https)...

Can someone @google.com chime in on where this can be bugreported and
preferably also followed up on? It seems like a loss to both the user
and the Google brand when redirections behave in this confusing way.
The logical thing would be to show the HTTP page and add a notice on
the page explaining why HTTPS isn't available (perhaps cost? Or energy
= carbon emissions?)