This is a followup question to Google Chrome redirecting localhost to https.
Does anyone know, how to permanently exclude localhost
from HSTS list in Google Chrome?
Or, any other elegant solution that wouldn't require developer to visit chrome://net-internals/#hsts
and delete localhost
every time when switching from working on an HTTPS project to a different project on HTTP?
Chrome 78 supports a policy called HSTSPolicyBypassList. You can list "localhost" as a domain to bypass HSTS. To configure Chrome policy on Linux, just create a file at /etc/opt/chrome/policies/managed/policies.json with the following content:
You can see the policies loaded by Chrome, typing chrome://policy/ at address bar.
Update:
You may edit your system's hosts file:
C:\Windows\System32\drivers\etc\hosts
/ets/hosts
In there you can define a different domain for each project:
Once saved, when you navigate to those domain in any browser it will load from
127.0.0.1
(localhost). If you use apache/nginx as server you optionally can define VirtualHosts for each domain also so you don't need to change your httpd folder every time you switch projects.Then of course you will have to re-issue any certificate that you may have for those projects for the new domains, but those would be unique for each project. And on Chrome you would not need to be messing net-internals more than once for each domain for the projects which you don't have a certificate (and 0 times for those with certificate).
Not a permanent fix (security issue can be involved)
I found a "fix". Something interesting, but cannot be a permanent fix because it can cause multiple security issues.
Here's what I did:
chrome://flags/#allow-insecure-localhost
Allow invalid certificates for resources loaded from localhost.
If you reload your application, the warning should be gone.
PS I did that because I needed to recreate a certification but didn't have the time. That's why I did that. I'll turn off this when my certification will work locally.
You can follow the solution here.
When Google Chrome keeps redirecting your localhost Url from
http://localhost
tohttps://localhost
, do the following: