The Chrome browser redirects all my domain and subdomain requests to HTTPS; this is unwanted behavior in my case. According to https://www.chromium.org/hsts, this is an HSTS policy that has been added to the Chrome browser for the domain and all subdomains.
I am using Istio version 1.7.4 and noticed that the Istio ingress gateway adds the header strict-transport-security, which causes this issue.

    strict-transport-security: max-age=15552000; includeSubDomains

How can I remove this header from the ingress gateway?
You can use VirtualService to add or remove certain headers.
The example from the official Istio documentation shows how you can remove it:

Headers

Message headers can be manipulated when Envoy forwards requests to, or responses from, a destination service. Header manipulation rules can be specified for a specific route destination or for all destinations. The following VirtualService adds a test header with the value true to requests that are routed to any reviews service destination. It also removes the foo response header, but only from responses coming from the v1 subset (version) of the reviews service.

    apiVersion: networking.istio.io/v1alpha3
    kind: VirtualService
    metadata:
      name: reviews-route
    spec:
      hosts:
      - reviews.prod.svc.cluster.local
      http:
      - headers:
          request:
            set:
              test: "true"   # header values are strings, so quote the value
        route:
        - destination:
            host: reviews.prod.svc.cluster.local
            subset: v2
          weight: 25
        - destination:
            host: reviews.prod.svc.cluster.local
            subset: v1
          headers:
            response:
              remove:
              - foo # <-- HERE!
          weight: 75

Additional resources:
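
The same pattern applied to the header from the question, as an added example that is not part of the original answer or the Istio documentation. The resource name, host, gateway, destination service and port are hypothetical placeholders, and it assumes the header reaches the gateway in the upstream service's response.

```yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: example-route                  # hypothetical name
spec:
  hosts:
  - "app.example.com"                  # hypothetical external host
  gateways:
  - example-gateway                    # hypothetical Gateway bound to the ingress gateway
  http:
  - headers:                           # route-level rule: applies to every destination below
      response:
        # Option A: strip the header so clients no longer receive the policy.
        remove:
        - strict-transport-security
        # Option B (use instead of Option A): send max-age=0 over HTTPS so that
        # browsers which already stored the policy drop it (RFC 6797, 6.1.1).
        # set:
        #   strict-transport-security: "max-age=0"
    route:
    - destination:
        host: app.default.svc.cluster.local   # hypothetical backend service
        port:
          number: 8080                        # hypothetical port
```

Removing the header only stops new clients from learning the policy: a browser that already stored it keeps upgrading requests until max-age (15552000 seconds in the question) expires or the entry is cleared. Without HSTS, the first plain-HTTP request to the domain and its subdomains is again open to interception and downgrade, so limit the change to hosts that must be served over HTTP.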