How to permanently exclude localhost from HSTS list in Google Chrome


You can follow the solution here.

When Google Chrome keeps redirecting your localhost URL from http://localhost to https://localhost, do the following:

  1. Open the Developer Tools panel (CTRL+SHIFT+I)
  2. Click and hold the reload icon
  3. A menu will open
  4. Choose the 3rd option from this menu (“Empty Cache and Hard Reload”)


Update:

You can install a proper SSL certificate for those domains if you want to for free, so you won't need to mess around with HSTS. Take a look here.


You may edit your system's hosts file:

  • On Windows: C:\Windows\System32\drivers\etc\hosts
  • On Linux: /etc/hosts

In there you can define a different domain for each project:

    127.0.0.1    project1.local
    127.0.0.1    project2.local
    127.0.0.1    projectN.local

Note: I'm using *.local domains (you can use virtually anything) because you have already set localhost to redirect to https, and as such we have to use a different domain. Although, I strongly recommend you install a real SSL certificate and reset to default any modifications you have made to HSTS.

Once saved, when you navigate to those domains in any browser, they will load from 127.0.0.1 (localhost). If you use apache/nginx as the server, you can optionally also define VirtualHosts for each domain so you don't need to change your httpd folder every time you switch projects.

Then of course you will have to re-issue any certificate that you may have for those projects for the new domains, but those would be unique for each project. And on Chrome you would not need to mess with net-internals more than once for each domain for the projects for which you don't have a certificate (and 0 times for those with a certificate).


Chrome 78 supports a policy called HSTSPolicyBypassList. You can list "localhost" as a domain to bypass HSTS. To configure Chrome policy on Linux, just create a file at /etc/opt/chrome/policies/managed/policies.json with the following content:

    {
        "HSTSPolicyBypassList": [
            "localhost"
        ]
    }

You can see the policies loaded by Chrome by typing chrome://policy/ in the address bar.
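
If policies.json already holds other managed policies, creating the file from scratch would drop them. The sketch below is an added example, not part of the original answers or of Chrome: it merges the bypass entry into an existing file and refuses to overwrite malformed JSON. The function name `merge_bypass_hosts` and the strict hostname check (lowercase, single label, no scheme or port) are choices of this example.

```python
import json
import os
import re
import tempfile

# Path taken from the answer above (Google Chrome on Linux).
POLICY_FILE = "/etc/opt/chrome/policies/managed/policies.json"
POLICY_KEY = "HSTSPolicyBypassList"
# Example's own rule: one lowercase label, no dots, scheme or port.
_LABEL = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$")


def merge_bypass_hosts(hosts, path=POLICY_FILE):
    """Add hosts to HSTSPolicyBypassList, keeping every other policy intact."""
    cleaned = [h.strip().lower() for h in hosts]
    bad = [h for h in cleaned if not _LABEL.match(h)]
    if bad:
        raise ValueError(f"not single-label hostnames: {bad}")

    policies = {}
    if os.path.exists(path):
        with open(path, encoding="utf-8") as fh:
            policies = json.load(fh)  # raises on malformed JSON, file untouched
        if not isinstance(policies, dict):
            raise ValueError(f"{path} does not contain a JSON object")

    current = policies.get(POLICY_KEY, [])
    if not isinstance(current, list):
        raise ValueError(f"{POLICY_KEY} in {path} is not a list")
    # Preserve order, drop duplicates.
    policies[POLICY_KEY] = list(dict.fromkeys([*current, *cleaned]))

    # Write to a temp file in the same directory, then rename atomically.
    directory = os.path.dirname(path) or "."
    os.makedirs(directory, exist_ok=True)
    fd, tmp = tempfile.mkstemp(dir=directory, suffix=".tmp")
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            json.dump(policies, fh, indent=4)
            fh.write("\n")
        os.chmod(tmp, 0o644)  # world-readable, writable only by the owner
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise
    return policies[POLICY_KEY]


if __name__ == "__main__":
    print(merge_bypass_hosts(["localhost"]))  # default path needs root
```

After running it, reload the policies from chrome://policy/ and confirm that HSTSPolicyBypassList appears with the expected value.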