-
Notifications
You must be signed in to change notification settings - Fork 1
https browser
Being sent to the https version of a site is a major annoyance in local development when coding in a non-secure environment is required. This can happen for various reasons.
- Site is cached
- When spoofing, user on target machine is logged into the site
- Browser forces https
The automatic redirect to https in browsers can be fixed, as long as the site is not correctly configured for HSTS. In general, check that:
- Extensions like "https everywhere" are turned off.
- Cache is cleared.
- History is cleared.
Note that when a browser always redirects local sites you own and you accessed before with http to https, we know for sure it is not a HSTS issue. This classifies as a bug in the browser.
Go to Chrome -> Settings -> Privacy and security and and clear browsing data.
OR for a specific domain:
Go to View > Developer > Developer Tools > Application > Clear storage
And try again. if still not works, use chrome://net-internals/#hsts: Scroll down to "Delete domain security policies", enter the root domain that's causing the issue, and click the Delete button.
Go to Preferences -> Privacy -> Click 'Clear your history' -> When the pop-up appears, click Details -> Untick everything except 'Sites Preferences' -> Select 'Everything' in the select box at the top -> Click Ok
And try again. If not works, change the following setting in about:config:
network.stricttransportsecurity.preloadlist False
If still not works, set:
browser.fixup.fallback-to-https False
Maybe even:
browser.urlbar.autoFill False