Google Chrome redirecting localhost to https
When I debug a Visual Studio project using Chrome the browser tries to redirect to the https equivalent of my web address. I do not have SSL enabled in the web project and the start URL is the http URL. When I debug using FireFox or IE I do not have this problem.
I did re-install Chrome which fixed the problem for a day. Without downloading any addons the problem happened again the next day.
What is making Chrome redirect localhost to https?
Network Inspect Shows: Request URL:data:text/html,chromewebdata Request Headers Provisional headers are shown User-Agent:Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36
No preview and no response data in those tabs.
I believe this is caused by HSTS - see http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
If you have (developed) any other localhost sites which send a HSTS header ...
e.g.
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
... then depending on the value of max-age, future requests to localhost will be required to be served over HTTPS.
To get around this, I did the following.
- In the Chrome address bar type the following:
chrome://net-internals/#hsts - At the very bottom of a page there is QUERY domain textbox - verify that localhost is known to the browser. If it says "Not found" then this is not the answer you are looking for.
- If it is, DELETE the localhost domain using the textbox above
- Your site should now work using plain old HTTP
This is not a permanent solution, but will at least get it working between projects. If anyone knows how to permanently exclude localhost from the HSTS list please let me know :)
UPDATE - November 2017
Chrome has recently moved this setting to sit under the section
Delete domain security policies
UPDATE - December 2017
If you are using .dev domain see other answers below as Chrome (and others) force HTTPS via preloaded HSTS.
- Unable to inspect Android device via Chrome://inspect
- how to programmatically identify latest version of chrome
- What does the argument --virtual-time-budget of Chrome CLI really mean?
- How to get the value of a Google Chrome flag using Javascript
- 100vh height when address bar is shown - Chrome Mobile
- Taking full page screenshot with a Chrome extension
- Image not loading on local site I made
- SSL Localhost Privacy error
- Video auto play is not working in Safari and Chrome desktop browser
- Is there a way to set the Google Chrome's developer tools window to always be on top?
- Origin <origin> is not allowed by Access-Control-Allow-Origin
- Chrome push notification - How to open an URL address after clicking?
- How can I make sure AuthName works in all browsers?
- How can I change the window title of an opened youtube video to include the channel name?
- Why is my localhost self-signed SSL certificate suddenly invalid in Chrome?
- chrome extension - Service worker registration failed - manifest V3
- After Loading Page in Inspect Mode ,Shows No Internet Error.How to resolve this issue?
- Responsive media query not working in Google Chrome
- How to run a web application in Android mobile Chrome browser
- How to permanently exclude localhost from HSTS list in Google Chrome
- How to force JavaScript to deep copy a string?
- How to tell why a cookie is not being sent?
- request.getParameter returning null values in chrome
- How to get rid of "Choose your search engine" dialog in Chrome v.127 on Selenium test run?
- Is there a way to resize a web browser's window so that their dimesions are a specific width and height?
- New version of Chrome broke chrome-php/chrome
- Location of Chrome Web Apps (PWAs)
- How to disable Chrome's saved password prompt setting through JavaScript
- Trouble downloading files in Google Apps Script web app after Chrome update
- Disabling android's chrome pull-down-to-refresh feature