K-Meleon displays unauthenticated (http://...) versions of web pages that should be authenticated with SSL/HTTPS (https://...).
I have set up a subdirectory on my web site with an .htaccess file to redirect all HTTP requests for the subdirectory and any files or directories in its subtree to the HTTPS version of the requested URI. That is, the server will respond as though the URI "
https://papa.myjp.net/secure/index.html" was requested if any of the following addresses are entered in the browser prefixed with either "
https://" or "
http://", or no prefix:
papa.myjp.net/secure
papa.myjp.net/secure/
papa.myjp.net/secure/index.html
All browsers that I've tested other than K-Meleon (Brave, Chrome, lynx, OrFox, Vivaldi, and a few others) treat the above addresses as expected.
K-Meleon displays the expected HTTPS-redirected version of the page for the first variation above ("...secure" with no terminating "/"). However, for the other two variations (terminated with "/" or with explicit index file name) K-Meleon displays the page with an "
http://..." URI shown in the address bar and an unlocked security icon on the lower right-hand corner of the browser frame.
Can anyone recreate this problem? Is it a bug?