"helmet" module activates the automatics redirect from "http://localhost" to "https://localhost" without possibility of manual correction
After I have activated the helmet module, the browser stops to display on http://localhost:3000/ and other ports of the localhost:
If more exactly, when open http://localhost:3000/, the browser automatically redirects to https://localhost:3000/. Also, if manually correct https://localhost:3000/ to http://localhost:3000/, the browser will return to https://localhost:3000/. But most important fact is the browser keep this behavior for all projects, not only for one when the HTTPS protocol support and actually enabled and helmet module used. It is problematic to provide the HTTPS support for all projects in local development mode.
I understand that this behavior is for security when surfing the internet, but it is the interfering behavior when locally developing something when helmet module and HTTPS not using (actually, it is impossible to use same browser).
Helmet maintainer here.
You can fix this by clearing your browser's HSTS cache. See this guide.
This is happening because Helmet sets the Strict-Transport-Security header, abbreviated to "HSTS". HSTS hooks your browser on HTTPS for a period of time, typically a year or more. For example, if you visit https://example.com which sets the Strict-Transport-Security header, later visiting http://example.com will automatically redirect you.
Presumably, you visited https://localhost:3000 with HSTS at some point. This means that visiting http://localhost:3000 will automatically be redirected. Clearing your HSTS will reset this, allowing you to visit the insecure HTTP URL again.
- MongoDB Authentication Issues with Node.js and Mongo-Express in Docker Compose setup
- How does minecraft actually connect to a server?
- MongoDB Authentication failes for any user
- Processing an exception through Apollo Server (NestJS)
- Why doesn't CSS work when I deploy the Next.js sample project in production?
- Next.js form works locally but not on live server
- fs.readFileSync is not file relative? Node.js
- How do I completely uninstall Node.js, and reinstall from beginning (Mac OS X)
- Quasar Error: Cannot find module 'ajv/dist/compile/codegen'
- What does --save-dev (or -D) mean in npm install grunt --save-dev?
- What If Session Expires While User Is Still On The Website
- Deleting `package-lock.json` to Resolve Conflicts quickly
- Upgrading Node.js to the latest version
- Run of a next js app stuck, npm run dev doesn't work
- Mustache(-like) template engine for Express?
- How to list npm user-installed packages?
- How do I check Content-Type using ExpressJS?
- Can't run "node index.js" due to a syntaxError
- What happens if NPM ever goes belly up?
- npm install takes forever when running docker-compose
- Remix run: Authentication succeeds on validation failures
- Fixing npm path in Windows 8 and 10
- How to add a custom script to package.json that runs a javascript file?
- node-fetch azure document translator
- Unable to import ESM module in Nestjs
- how ca I fix this error after exacting npx cap add android?
- multer-gridfs error " TypeError: Cannot read properties of undefined (reading '_id') "
- How to resolve Node.js: "Error: ENOENT: no such file or directory"
- Write the contents of node debug log to file
- How to use promisify() with the spawn() function for the 'child_process'?