Inhalt:
Your Chromebook can’t reach the login portal of a free Wi-Fi network? You can’t get online? The solution is very simple!
I’m currently undergoing a rehabilitation programme. My phone and even my projector can connect to the „Free WIFI DRV Bund“ without any problems. Just not my Chromebook! The solution almost gave me a second heart attack, and I would rather not withhold it from you.
Select WLAN
First, you have to connect to the WLAN. Then a pop-up appears in the quick settings (I didn’t take a screenshot) asking you to log in to the WLAN. If you click on it, the page https://www.gstatic.com/generate_204 will open. If you click on „Log in to WLAN“, however, nothing happens.
Call up the HTTP website
You must call up a pure HTTP website. For example:
If you click here on „Log in to WLAN“, the login website (captive portal) of the free WLAN will open correctly.
Log in
In the portal, click on „Continue to Internet“ or a similar option to log in and use the Wi-Fi.
Causes?
You know me, I always have to find out why something doesn’t work if it doesn’t make sense to me straight away. Otherwise it gnaws at me forever. That’s not always good for the length of my articles.
A captive portal is a login page of a WLAN that is used to present the terms of use to users and only grant them access to the Internet after they have given their consent. They are often found in hotels, public facilities or even shops.
When a device connects to a Wi-Fi network for the first time, the network’s router automatically delivers a login page – regardless of which page you actually wanted to access.
The problem is that a captive portal does not expect an HTTPS connection, but a simple HTTP connection. However, your Chromebook rejects an insecure connection if it is called up by a JavaScript from a connection that is actually secure.
ChromeOS is supposed to be the most secure operating system for normal users, but unfortunately this is only achieved through some restrictions that are problematic in the case of captive portals: The operating system attempts to secure all connections by using HTTPS by default. This strict security policy causes the Chromebook to block the connection to the Captive Portal, as the portal only delivers an unsecured HTTP page.
Why does it not work with ChromeOS?
The Chromebook is not yet connected to the Internet after connecting to the WLAN, but only to the router. However, Chrome attempts to check a connection to the Internet via an HTTPS connection (e.g. https://www. gstatic.com/generate_204). However, the captive portal requires a simple HTTP connection.
The link to the Wi-Fi login on the 204 page is a JavaScript element that is blocked by ChromeOS if it is called from an HTTPS page and attempts to establish an unsecured connection. However, if the script is called from a simple HTTP page, the connection to the captive portal can be established correctly.
Why does it work on other devices?
For many other devices or operating systems, it doesn’t really matter whether an HTTP or HTTPS page is delivered. In most cases, a redirection or downgrade of the connection from HTTPS to HTTP is simply accepted so that you are redirected to the Captive Portal login page.
What can the operator do?
What can the operator of a free WLAN do to prevent such problems from occurring?
Even when using modern captive portal API standards such as WISPr (English) or CAPPORT-API (English), care should be taken to ensure that no JavaScript is used for forwarding to the captive portal and that there is no forwarding from HTTPS to HTTP.
The latter can easily be avoided by using an SSL certificate, which improves both security and functionality.
Summary
When a Chromebook is connected to a network and there is no internet connection, it tries to verify the connection by calling the HTTPS page gstatic.com. But it does not take into account that some captive portals only deliver HTTP login pages – and blocks them by mistake.
Quick guide
Use a pure HTTP page like http://1.1.1.1 to access the captive portal via the link on the 204 page „Log in to WLAN„.
