Google Chrome将localhost重定向到https [英] Google Chrome redirecting localhost to https
问题描述
当我使用Chrome调试Visual Studio项目时,浏览器尝试重定向到我的Web地址的https等效项。我在Web项目中没有启用SSL,并且起始URL是http URL。当我使用FireFox或IE进行调试时,我没有这个问题。
我重新安装了Chrome,它解决了一天的问题。没有下载任何插件,问题在第二天再次发生。
什么使Chrome浏览器将本地主机重定向到https?
Network Inspect显示:
请求URL:data:text / html,chromewebdata
请求标题
显示临时标题
User-Agent:Mozilla / 5.0(Windows NT 6.3; WOW64 )AppleWebKit / 537.36(KHTML,如Gecko)Chrome / 36.0.1985.143 Safari / 537.36
在这些标签中没有预览和响应数据。
我相信这是由HSTS引起的 - 请参阅
$ b
UPDATE - 2017年12月
如果您使用.dev域名,请在Chrome其他)通过预加载的HSTS强制HTTPS。
When I debug a Visual Studio project using Chrome the browser tries to redirect to the https equivalent of my web address. I do not have SSL enabled in the web project and the start URL is the http URL. When I debug using FireFox or IE I do not have this problem.
I did re-install Chrome which fixed the problem for a day. Without downloading any addons the problem happened again the next day.
What is making Chrome redirect localhost to https?
Network Inspect Shows: Request URL:data:text/html,chromewebdata Request Headers Provisional headers are shown User-Agent:Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36
No preview and no response data in those tabs.
I believe this is caused by HSTS - see http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
If you have (developed) any other localhost sites which send a HSTS header...
eg. Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
...then depending on the value of max-age, future requests to localhost will be required to be served over HTTPS.
To get around this, I did the following.
- In the Chrome address bar type "chrome://net-internals/#hsts"
- At the very bottom of a page is QUERY domain textbox - verify that localhost is known to the browser. If it says "Not found" then this is not the answer you are looking for.
- If it is, DELETE the localhost domain using the textbox above
- Your site should now work using plain old HTTP
This is not a permanent solution, but will at least get it working between projects. If anyone knows how to permanently exclude localhost from the HSTS list please let me know :)
UPDATE - November 2017
Chrome has recently moved this setting to sit under Delete domain security policies
UPDATE - December 2017 If you are using .dev domain see other answers below as Chrome (and others) force HTTPS via preloaded HSTS.
这篇关于Google Chrome将localhost重定向到https的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
