Chrome redirects .dev to https

laravel google-chrome ssl https laragon
15,965

Solution 1

There is no way to prevent Chrome (>= 63) form using https on .dev domain names.
Google now owns the official .dev tld and has already stated that they will not remove this functionality.

The recommendation is to use another tld for development purposes, such as .localhost or .test.

More information about this update can be found in this article by Mattias Geniar.

Solution 2

This problem can't be fixed. Below is the reason:

  1. Google owns .dev gTLD
  2. Chrome forces HTTP to HTTPS on .dev domain directly within the source code.

From the 2nd link below:

...
// eTLDs
// At the moment, this only includes Google-owned gTLDs,
// but other gTLDs and eTLDs are welcome to preload if they are interested.
{ "name": "google", "include_subdomains": true, "mode": "force-https", "pins": "google" },
{ "name": "dev", "include_subdomains": true, "mode": "force-https" },
{ "name": "foo", "include_subdomains": true, "mode": "force-https" },
{ "name": "page", "include_subdomains": true, "mode": "force-https" },
{ "name": "app", "include_subdomains": true, "mode": "force-https" },
{ "name": "chrome", "include_subdomains": true, "mode": "force-https" },
...

References

Solution 3

Check that link

https://laravel-news.com/chrome-63-now-forces-dev-domains-https

Based on this article by Danny Wahl he recommends you use one of the following: “.localhost”, “.invalid”, “.test”, or “.example”.

Solution 4

Chrome 63 forces .dev domains to HTTPS via preloaded HSTS and soon all other browsers will follow.

.dev gTLD has been bought by Google for internal use and can not be used anymore with http, only https is allowed. See this article for further explanations:

https://ma.ttias.be/chrome-force-dev-domains-https-via-preloaded-hsts/

Solution 5

For Firefox: you can disable the property network.stricttransportsecurity.preloadlist by visiting the address : about:config .

For IE it seems to be still working .

For Chrome, there is no solution, I think it's hardcoded in the source code.

See that article : How to prevent Firefox and Chrome from forcing dev and foo domains to use https

Share:
15,965
Mathis
Author by

Mathis

Updated on June 03, 2022

Comments

  • Mathis
    Mathis about 2 years

    Suddenly Google Chrome redirects my virtual-host domain myapplication.dev to https://myapplication.dev. I already tried to go to

    chrome://net-internals/#hsts

    And enter myapplication.dev into the textbox at the very bottom "Delete domain security policies" but this had no effect.

    I also tried to delete the browser data.

    What I also did is to change the v-host to .app instead of .dev but Chrome still redirected me to https:// ...

    It's a Laravel application running on Laragon. On other PCs in the same network, it works perfectly.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Comodo SSL: ERR_CERT_AUTHORITY_INVALID on Chrome mobile and Opera mobile (Android)
Force Laravel to use HTTPS version
SSL error only on certain sites
How to search non ssl google?
Custom Protocol Handler not working in Chrome on SSL page
No "Proceed Anyway" option on ERR_CERT_COMMON_NAME_INVALID in Chrome
Chrome ERR_SSL_PROTOCOL_ERROR on known working site
Suppress Google Chrome's "Your Connection is Not Private" for specific Address?
Why does Chrome always redirect me to https://www.google.com
My Chrome "jumps" to non-existent HTTPS protocol