Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Can't turn off requirehttps in asp.net 5 MVC 6 site

Tags:

asp.net-core

I have an asp.net 5 MVC 6 site I am working on. I turned on require HTTPS like so:

services.AddMvc(options =>
{
    options.Filters.Add(new RequireHttpsAttribute());
});

It worked great, and I have been working like this for a little while. Today I need to turn it off, so I commented out the options filter, but it is still requiring HTTPS.

I have not used the [RequireHttps] attribute on the controllers or actions themselves.

I have gone into the properties and unchecked "Enable SSL" and pasted the http url in the "Launch URL" box.

I have shutdown IIS Express and relaunched the site. It doesn't seem to matter what I do, it continues to try to redirect to HTTPS.

Is it possible IIS Express or Kestral has cached something I need to delete? Anyone have any suggestions of what else could be forcing it to HTTPS?

like image 879
Matthew Avatar asked Jan 06 '23 23:01

Matthew

1 Answers

The RequireHttpsAttribute implementation will send a permanent redirect response (301) back to browser:

// redirect to HTTPS version of page
filterContext.Result = new RedirectResult(newUrl, permanent: true);

This means that when you initially had the attribute enabled and requested a url like http://localhost:62058/, the server will respond with:

301 (Moved permanently)
Location: https://localhost:62058/

If you look at the definition of the 301 response code you will see that browsers will cache it by default:

The requested resource has been assigned a new permanent URI and any future references to this resource SHOULD use one of the returned URIs. Clients with link editing capabilities ought to automatically re-link references to the Request-URI to one or more of the new references returned by the server, where possible. This response is cacheable unless indicated otherwise.

The new permanent URI SHOULD be given by the Location field in the response. Unless the request method was HEAD, the entity of the response SHOULD contain a short hypertext note with a hyperlink to the new URI(s).

After you remove the RequireHttps filter, the browser will still use the cached response:

Getting cached redirect to https response

So all you need to do after removing the RequireHttps filter is rebuild and clear the browser cache!

like image 92
Daniel J.G. Avatar answered Jan 31 '23 17:01

Daniel J.G.
Sign in to Comment

Related questions

What is the best way to seed data with a lot of information using EntityFramework Core?
Errors and warnings using @functions block in Razor Pages
Getting UnauthorizedAccessException when deploying asp.net core app using Kudu build service
Identify roles with SPA and .NET Core 3
Different HTTP calls, await same Task
Clean Architecture and Asp.Net Core Identity
Swagger error Ambiguous HTTP method for action Actions require explicit HttpMethod binding
ASP.NET Core 3.1 HttpMessageHandler cleanup cycle
Storing a JWT token in Blazor Client Side
How to check if file exists in wwwroot? [closed]
grpc server not working in docker-compose
Publish a .Net 5.0 web in IIS from Visual Studio 2019 doesn't start
Blazor WebAssembly CSS isolation scoped identities doesn't match
How to use WebApplicationFactory in .net6 (without speakable entry point)
How to post JSON data in MVC Visual Studio 2015
How to pass a URL as a query string parameter in MVC
Unable to run dnx console App
IConfiguration does not contain a definition for Get() (EF7, vNext)
Why isn't this .NET Core package compatible with my PCL?
Dynamically add roles to authorize attribute for controller in ASP.NET 5

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!