Unexpected HSTS redirect for domain with different TLD
Reported by m...@skotty.io, Oct 25 2017
Issue description

UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.9 Safari/537.36

Example URL: http://skotty.dev:1703/

Steps to reproduce the problem:
1. Set up hosts-file record for "127.0.0.1" to "skotty.dev"
2. Set up basic HTTP-server listening on port 1703
3. Try to access http://skotty.dev:1703

What is the expected behavior?
Chrome should open the requested URL with its specific port.

What went wrong?
HSTS is triggered, page can't be loaded because the server does not support HTTPS. I tried this on a second system and the same thing happened.

Did this work before? Yes Version 61.0.3163.100 (Official Build) (64-bit)

Chrome version: 63.0.3239.9 Channel: dev
OS Version: OS X 10.13.1
Flash Version:

The "skotty.io"-domain is on the preload HSTS-list, which might cause HSTS to be triggered.
Oct 25 2017
.dev is a real TLD that was recently added to the HSTS preload list; all domains under .dev now use HSTS. You should use a reserved TLD (see RFC 2606) for local development/testing (e.g. .test or .localhost). The HSTS redirect for skotty.dev is intended behaviour because of the HSTS preload for the .dev TLD.
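An added example, not part of the original thread: a small Python audit of hosts-file entries that flags loopback-mapped names under an HSTS-preloaded TLD (only .dev, as stated in the comment above) and separates them from the RFC 2606 reserved TLDs. The sample hosts content, the `audit_hosts` function and the verdict labels are constructed for illustration.

```python
import ipaddress

# RFC 2606 reserves these TLDs for testing and documentation.
RESERVED_TLDS = {"test", "example", "invalid", "localhost"}
# TLDs whose every name is HSTS-preloaded. Only .dev is named in this thread;
# extend the set from the preload list of the browser you test with.
PRELOADED_TLDS = {"dev"}

# Constructed sample in hosts-file syntax (not taken from the reporter's machine).
SAMPLE_HOSTS = """\
# local development names
127.0.0.1   localhost
127.0.0.1   skotty.dev api.skotty.test   # trailing comment
::1         shop.localhost
127.0.0.1   intranet.corp
192.0.2.10  build.dev
not-an-ip   broken.dev
"""

def audit_hosts(text, preloaded=PRELOADED_TLDS, reserved=RESERVED_TLDS):
    """Return (line_no, hostname, verdict) for each name mapped to loopback."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank, comment-only, or an address without names
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address: not a usable mapping
        if not addr.is_loopback:
            continue  # only local development overrides are in scope
        for name in fields[1:]:
            tld = name.rstrip(".").rsplit(".", 1)[-1].lower()
            if tld in preloaded:
                verdict = "hsts-preloaded"  # browser rewrites http:// to https://
            elif tld in reserved:
                verdict = "reserved"        # set aside by RFC 2606
            else:
                verdict = "unreserved"      # not reserved; could be a real TLD
            findings.append((line_no, name, verdict))
    return findings

if __name__ == "__main__":
    for line_no, name, verdict in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {name:<20} {verdict}")
```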
Oct 25 2017
Thanks!
Comment 1 by mmenke@chromium.org, Oct 25 2017