
HTTPS redirect test does not fail when redirecting from HTTPS to HTTP on other domain

Open WKobes opened this issue 4 months ago • 3 comments

The HTTPS redirect test explanation gives two examples for valid redirection:

  • http://example.nl ⇒ https://example.nl ⇒ https://www.example.nl
  • http://www.example.nl ⇒ https://www.example.nl

However, this test succeeds (on both apex and www subdomain) also when having a redirect scheme as follows:

  • http://example.nl ⇒ https://example.nl ⇒ http://www.example.nl ⇒ https://www.example.nl

This test should fail on the apex domain (www. domain is fine in this case), since it is downgrading from https to http.

The example is redirection to a www subdomain, but of course it should fail in any downgrade redirection, e.g.:

  • http://example.nl ⇒ https://example.nl ⇒ http://example.com

WKobes, Oct 09 '24 12:10
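The check the issue asks for, as an added example that is not part of the original post and is not Internet.nl's own code: it resolves a start URL plus successive `Location` values into a chain and fails on any hop that leaves HTTPS. The function names are hypothetical, and the same-host rule for the first hop is an assumption read from the two valid examples above.

```python
from urllib.parse import urljoin, urlsplit

def resolve_chain(start_url, locations):
    """Turn a start URL plus successive Location header values into absolute URLs."""
    chain = [start_url]
    for loc in locations:
        chain.append(urljoin(chain[-1], loc))  # handles relative and //host forms
    return chain

def _scheme_host(url):
    parts = urlsplit(url)
    return parts.scheme.lower(), (parts.hostname or "").lower()

def check_chain(chain):
    """Return (passed, reason) for a redirect chain starting at an http:// URL."""
    if len(chain) < 2:
        return False, "no redirect"
    (s0, h0), (s1, h1) = _scheme_host(chain[0]), _scheme_host(chain[1])
    if s0 != "http":
        return False, "chain does not start at http://"
    # Assumption: the first hop must upgrade on the same host, as in both valid examples.
    if s1 != "https" or h1 != h0:
        return False, f"first hop is not a same-host upgrade: {chain[0]} -> {chain[1]}"
    # Once on https, every later hop must stay on https, whatever the host.
    for prev, nxt in zip(chain[1:], chain[2:]):
        if _scheme_host(nxt)[0] != "https":
            return False, f"downgrade: {prev} -> {nxt}"
    return True, "ok"

# Constructed chains, taken from the examples in the issue text.
SAMPLES = {
    "valid_apex": ["http://example.nl", "https://example.nl", "https://www.example.nl"],
    "valid_www": ["http://www.example.nl", "https://www.example.nl"],
    "downgrade_www": ["http://example.nl", "https://example.nl",
                      "http://www.example.nl", "https://www.example.nl"],
    "downgrade_other": ["http://example.nl", "https://example.nl", "http://example.com"],
}

if __name__ == "__main__":
    for name, chain in SAMPLES.items():
        print(name, check_chain(chain))
```

A scheme-relative `Location` such as `//www.example.nl/` inherits the scheme of the URL that issued it, so resolving each hop against the previous one is what keeps such a redirect from being misread as a downgrade.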