Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to stop Chrome from redirecting to HTTPS?

A few days ago, Chrome started redirecting all of my vHosts in Wampserver to https. Everything was working fine until a couple days ago, then one day I logged on to work on my site and Chrome said that the site couldn't be reached, even though I used the same URL i always did in the past. Wamp is running as well as Apache and MySQL and none of those services have any errors in the error log.

I have already tried removing the domain(I use a fake .dev extension for my local sites) with chrome://net-internals/#hsts but that didn't do anything. I also tried installing SSL to see if Chrome would detect it as a secure connection... nothing. I even tried reinstalling Wamp completely(even though the vHosts work fine in other browsers) and nothing changed.

The only thing that works in Chrome is accessing the sites via http://localhost/site. The redirect to HTTPS happens for all of my Apache vHosts. I've googled and googled and can't find anything that actually fixes the problem.

like image 694
ShoeLace1291 Avatar asked Dec 10 '17 04:12

ShoeLace1291


People also ask

How do I stop chrome from automatically redirecting websites?

Prevent Chrome Redirect Click the three dots in the top right corner of the Chrome window and choose Settings. Choose Privacy and Security from the options on the left of the screen and select Site Settings. On the screen is an option called Pop-ups and redirects, which should be set to Blocked.

Does HTTP automatically redirect to HTTPS?

Summary. HTTP changes automatically to HTTPs because it is configured in this way. To be simple, modern Web Hosting companies automatically configure SSL and Redirect settings. This means, visitors are automatically redirected from HTTP to HTTPs.

How do I redirect to HTTPS in Chrome?

Start Google Chrome with HTTPSEnable Google Chrome support by typing chrome://net-internals/ into your address bar, then select HSTS from the drop-down menu. HSTS is HTTPS Strict Transport Security, a way for websites to elect to always use HTTPS.


2 Answers

Chrome v63 forces .dev domains to HTTPS. The Internet Engineering Task Force RFC2606 specified what top level domains should be used for local development, and .dev isn't on that list.

Google owns the .dev top level domain and automatically redirects all .dev domain names to an HTTPs version of the site via preloaded HSTS.

With .dev being an official generic top-level domain (gTLD), we're better changing our local development suffix from .dev to something else, even if there are other solutions (e.g. https with self-signed certificates). So you should use .test, .example, .invalid or .localhost as your local development TLDs instead.

like image 190
benedikt Avatar answered Sep 21 '22 19:09

benedikt


I can't improve the answer of @benedikt, as it is correct. There are good temporary fixes:

  • typing "badidea" on the warning page, this might not work if you have SSL set up (hacked together) locally. It bypasses the warning, but my local SSL isn't setup correctly and shows another local site.
  • narayon also suggests a link to a chrome forum, which I haven't tried.

My workaround was to update all my ".dev" development TLDs to ".d3v" Still short enough to type quickly, descriptive, and probably future-proof.

like image 30
DanielV Avatar answered Sep 19 '22 19:09

DanielV