Issue metadata
Sign in to add a comment
|
http://dev/ no longer can connect because it gets forced to HTTPS
Reported by
pjo...@tangamgaming.com,
Oct 5 2017
|
||||||||||||||||||||||
Issue descriptionUserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3230.0 Safari/537.36 Example URL: http://dev/site Steps to reproduce the problem: 1. Setup an internal server with a hostname of dev 2. Setup an HTTP-only site on it 3. Try to access with Chrome v63 What is the expected behavior? It should be able to load and view the site rather than try to be HTTPS due to the gTLD. It isn't a whatever.dev, it is just dev so it shouldn't be treated as HTTPS_ONLY. What went wrong? ERR_CONNECTION_TIMEOUT because it tries to use HTTPS because dev is on the HSTS preload list due to the gTLD of the same name. Did this work before? Yes 61 Chrome version: 63.0.3230.0 Channel: dev OS Version: 10.0 Flash Version: It was added in this commit here: https://chromium-review.googlesource.com/c/chromium/src/+/669923
,
Oct 5 2017
`dev` may be a TLD, but it is still a domain assigned by ICANN and not safe to use for testing.
The only safe way to avoid issues is to use domains listed in RFC 2606 to avoid collisions with possible future domains:
.test
.example
.invalid
.localhost
|
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by manoranj...@chromium.org
, Oct 5 2017