Localhost url redirected to https automatically
Reported by
eduardo...@gmail.com,
Jul 2
Issue description
UserAgent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36
Example URL:
N/A
Steps to reproduce the problem:
1. Go to a local server with HTTPS enabled https://localhost:8090
2. Go to a local server without HTTPS http://localhost:8080
3. An error is shown:
This site can’t provide a secure connection
localhost sent an invalid response.
ERR_SSL_PROTOCOL_ERROR
What is the expected behavior?
The localhost url is not redirected to HTTPS.
What went wrong?
The localhost url is redirected to HTTPS.
Did this work before? N/A
Chrome version: 67.0.3396.99 Channel: stable
OS Version: 10.0
Flash Version:
Query HSTS/PKP domain information:
static_sts_domain:
static_upgrade_mode: UNKNOWN
static_sts_include_subdomains:
static_sts_observed:
static_pkp_domain:
static_pkp_include_subdomains:
static_pkp_observed:
static_spki_hashes:
dynamic_sts_domain: localhost
dynamic_upgrade_mode: FORCE_HTTPS
dynamic_sts_include_subdomains: true
dynamic_sts_observed: 1530560387.860999
dynamic_sts_expiry: 1562096387.860995
dynamic_pkp_domain:
dynamic_pkp_include_subdomains:
dynamic_pkp_observed:
dynamic_pkp_expiry:
dynamic_spki_hashes:
If I remove localhost in "Delete domain security policies", the HTTP URL works again until I visit the HTTPS localhost site.
The HTTPS site is running on Tomcat with the following configuration in web.xml that redirects to HTTPS:
<security-constraint>
    <display-name>Allow access only by HTTPS</display-name>
    <web-resource-collection>
        <web-resource-name>HTTPS</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
My HTTP tests use a site served by Tomcat and also the angular-cli web server (ng serve).
Comment 1 by eduardo...@gmail.com, Jul 2
https://bugs.chromium.org/p/chromium/issues/detail?id=821045 may be related but it is archived.
Comment 2, Jul 2
Yea, HSTS is per domain, not per origin.
Comment 3, Jul 2
Is there a way to disable that feature for localhost? It used to work in previous versions of Chrome, and configuring HTTPS in a development environment is not always possible.
Comment 4, Jul 2
I'd suggest not serving the HSTS header when running the local https development server.
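The two comments above ("HSTS is per domain, not per origin" and "don't serve the HSTS header from the local https dev server") can be made concrete with a small model. The following Python is an added example, not code from this bug report, from Chromium or from Tomcat: the HstsStore class, the hsts_header_for helper and the SAMPLE_HSTS_HEADER value are constructed here. The sample header is reconstructed from the HSTS dump in the report (dynamic_sts_expiry minus dynamic_sts_observed is 31536000 seconds, and include_subdomains is true); Chrome's real store has more rules than this toy, but the host-only keying it shows is the point of the thread.

```python
# Constructed for this example: the header value implied by the report's HSTS dump
# (expiry - observed = 31536000 s, dynamic_sts_include_subdomains: true).
SAMPLE_HSTS_HEADER = "max-age=31536000; includeSubDomains"

# Hosts for which a dev server should never emit HSTS (assumption for this example).
LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}


def parse_hsts(value):
    """Parse a Strict-Transport-Security value into (max_age, include_subdomains).
    Returns None when the header is unusable (no max-age directive)."""
    max_age = None
    include_sub = False
    for directive in value.split(";"):
        name, _, val = directive.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            val = val.strip().strip('"')
            if not val.isdigit():
                return None
            max_age = int(val)
        elif name == "includesubdomains":
            include_sub = True
    if max_age is None:
        return None
    return max_age, include_sub


class HstsStore:
    """Toy model of a browser's dynamic HSTS store. Policies are keyed by host name
    only, which is why a header seen on https://localhost:8090 affects
    http://localhost:8080: the port is not part of the key."""

    def __init__(self):
        self._policies = {}  # host -> (expiry_timestamp, include_subdomains)

    def observe(self, host, port, header, now):
        # 'port' is accepted only to make explicit that it is ignored.
        parsed = parse_hsts(header)
        if parsed is None:
            return
        max_age, include_sub = parsed
        if max_age == 0:
            self._policies.pop(host.lower(), None)  # max-age=0 clears the policy
            return
        self._policies[host.lower()] = (now + max_age, include_sub)

    def should_upgrade(self, host, now):
        """True when an http:// request to host would be upgraded to https://."""
        labels = host.lower().split(".")
        for i in range(len(labels)):
            policy = self._policies.get(".".join(labels[i:]))
            if policy is None:
                continue
            expiry, include_sub = policy
            if now >= expiry:
                continue  # expired policy no longer applies
            if i == 0 or include_sub:  # exact host, or parent with includeSubDomains
                return True
        return False

    def delete_domain(self, host):
        """Equivalent of chrome://net-internals 'Delete domain security policies'."""
        self._policies.pop(host.lower(), None)


def hsts_header_for(host, production):
    """Server side (the fix suggested in the last comment): only emit HSTS for real
    production hosts, never for loopback or *.localhost development hosts."""
    h = host.lower()
    if not production or h in LOOPBACK_HOSTS or h.endswith(".localhost"):
        return None
    return SAMPLE_HSTS_HEADER


def reproduce_report():
    """Replays the steps from the report against the toy store.
    Returns (upgraded_port_8080, upgraded_subdomain, upgraded_after_delete)."""
    store = HstsStore()
    t0 = 1530560387.860999  # dynamic_sts_observed from the report's dump
    store.observe("localhost", 8090, SAMPLE_HSTS_HEADER, now=t0)  # step 1: visit https://localhost:8090
    upgraded_8080 = store.should_upgrade("localhost", now=t0 + 60)  # step 2: http://localhost:8080
    upgraded_sub = store.should_upgrade("app.localhost", now=t0 + 60)  # includeSubDomains
    store.delete_domain("localhost")  # the workaround the reporter used
    after_delete = store.should_upgrade("localhost", now=t0 + 60)
    return upgraded_8080, upgraded_sub, after_delete


if __name__ == "__main__":
    print(reproduce_report())  # (True, True, False)
    print(hsts_header_for("localhost", production=True))  # None
```

Running reproduce_report() returns (True, True, False): the policy learned on port 8090 upgrades port 8080 and every subdomain of localhost, and only deleting the domain policy (or waiting out max-age) stops it. hsts_header_for shows the other side of the fix: a server that keys the header on the deployment host rather than emitting it unconditionally never plants a policy for localhost in the first place.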