From f04807a532e6297513462a5775d953b22f34af90 Mon Sep 17 00:00:00 2001
From: Sasha Romijn
Date: Wed, 28 Feb 2024 14:40:32 +0100
Subject: [PATCH] Fix #1291 - Compare HTTPS redirect hostname, not netloc (incl port)

When the redirect URL includes an explicit port, as done by some AWS, the netloc includes this port and comparison would fail.
---
 checks/tasks/tls.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/checks/tasks/tls.py b/checks/tasks/tls.py
index 93ec45add..b904b0b99 100644
--- a/checks/tasks/tls.py
+++ b/checks/tasks/tls.py
@@ -2998,7 +2998,7 @@ def forced_http_check(af_ip_pair, url, task):
 parsed_url = urlparse(response.url)
 # Requirement: in case of redirecting, a domain should firstly upgrade itself by
 # redirecting to its HTTPS version before it may redirect to another domain (#1208)
- if parsed_url.scheme == "https" and url == parsed_url.netloc:
+ if parsed_url.scheme == "https" and url == parsed_url.hostname:
 forced_https = ForcedHttpsStatus.good
 forced_https_score = scoring.WEB_TLS_FORCED_HTTPS_GOOD
 break
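Review bot: Comparing against `parsed_url.hostname` drops the port altogether, so on the changed `if` line a redirect to HTTPS on the same host at any port now scores as `ForcedHttpsStatus.good`, not only the explicit `:443` case the commit message describes. If only the default port should count as an upgrade to the domain's own HTTPS version, the condition could add `and parsed_url.port in (None, 443)`. Note that `.port` raises `ValueError` on an out-of-range port, so it would need handling. `hostname` is also returned lower-cased by `urlparse`, whereas `netloc` preserved case. Unless `url` is normalised to lower case before this point (not visible in the hunk), a mixed-case domain that matched before would stop matching, which `url.lower() == parsed_url.hostname` would cover. `forced_http_check` starts and ends outside the hunk.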