Google Chrome redirecting localhost to https

Question

When I debug a Visual Studio project using Chrome the browser tries to redirect to the https equivalent of my web address  I do not have SSL enabled in the web project and the start URL is the http URL   When I debug using FireFox or IE I do not have this problem   I did re-install Chrome which fixed the problem for a day   Without downloading any addons the problem happened again the next day   What is making Chrome redirect localhost to https   Network Inspect Shows  Request URL data text html chromewebdata Request Headers Provisional headers are shown User-Agent Mozilla 5 0  Windows NT 6 3  WOW64  AppleWebKit 537 36  KHTML  like Gecko  Chrome 36 0 1985 143 Safari 537 36  No preview and no response data in those tabs

User · Answer

from https   galaxyinternet us google-chrome-redirects-localhost-to-https-fix   None of the option fixes worked for me  for fixing https   localhost 3000  this did   click and hold Reload Button and select Empty Cache and Hard Reload  this seems to only be an option on localhost

User · Answer

In my case  I had my project path set as  Users me dev project root  and was running the nodeJS express server from there  Renaming my path to  Users me project root  removing dev from the path to project  resolved the issue   Most likely has to do with this new regulation      Chrome 63  out since December 2017   will force all domains ending on  dev  and  foo  to be redirected to HTTPS via a preloaded HTTP Strict Transport Security  HSTS  header     You can find more information about this here   Using    Google Chrome Version 70 0 3538 110  Official Build   64-bit  nodeJS v9 2 0

User · Answer

Tried everything mentioned  browser preferences  hsts  etc   but nothing worked for me  I solved it by adding a trailing  localhost to the host aliases  Like this  127 0 0 1    myproject localhost 127 0 0 1    dev project localhost

User · Answer

This is not a solution  it s just a workaround    Click on your visual studio project  top level  in the solution explorer and go to the properties window  Change SSL Enabled to true  You will now see another port number as  SSL URL  in the properties window    Now  when you run your application  or view in browser   you have to manually change the port number to the SSL port number in the address bar    Now it works fine as a SSL link

User · Answer

Another option would be to use something like https   github com rchampourlier tunnelss   Sure it added another dependency   setup  but it also enables testing of https in dev  which could be nice   I use RVM however to get tunnelss working I had to use sudo gem install tunnelss and sudo tunnelss

User · Answer

None of these worked for me  It started happening after a chrome update  Version 63 0 3239 84  linux  with a local URL  Would always redirect to https no matter what  Lost some hours and a lot of patience on this  What did worked after all was just changing the domain    For what is worth  the domain was  app  Perhaps it got something to do  And just changed it to  test and chrome stopped redirecting it

User · Answer

I believe this is caused by HSTS - see http   en wikipedia org wiki HTTP Strict Transport Security  If you have  developed  any other localhost sites which send a HSTS header     eg  Strict-Transport-Security  max-age 31536000  includeSubDomains  preload     then depending on the value of max-age  future requests to localhost will be required to be served over HTTPS     To get around this  I did the following     In the Chrome address bar type  chrome   net-internals  hsts  At the very bottom of a page is QUERY domain textbox - verify that localhost is known to the browser  If it says  Not found  then this is not the answer you are looking for  If it is  DELETE the localhost domain using the textbox above Your site should now work using plain old HTTP   This is not a permanent solution  but will at least get it working between projects  If anyone knows how to permanently exclude localhost from the HSTS list please let me know     UPDATE - November 2017  Chrome has recently moved this setting to sit under Delete domain security policies    UPDATE - December 2017 If you are using  dev domain see other answers below as Chrome  and others  force HTTPS via preloaded HSTS

User · Answer

Piggybacking off Adiyat Mubarak  Could not hard refresh as it was just refreshing on https  Follows some of the same steps    1  Open chrome developer tools  ctrl   shift   i  2  Network Tab at the top 3  Click Disable cache checkbox at the top  right under network tab for me   4  Refresh page  while the developer tools is still open

User · Answer

Chrome 63 forces  dev domains automatic to HTTPS via preloaded HSTS   Quick fix  just change the  dev domains to  localhost

User · Answer

I experienced the same problem in Chrome and I tried unsuccessfully to use BigJump s solution    I fixed my problem by forcing a hard refresh  as shown in this blog  originally from this SuperUser answer    Ensure your address bar is using the http scheme and then go through these steps  possibly a couple of times    Open the Developer Tools panel  CTRL SHIFT I     Click and hold the reload icon   Right click the reload icon         A menu will open         Choose the 3rd option from this menu   Empty Cache and Hard Reload

User · Answer

I also have been struggling with this issue  Seems that HSTS is intended for only domain names  So if you are developing in local machine  it much easier to use IP address  So I switched from localhost to 127 0 0 1

User · Answer

I never figured out the root of the problem however I was able to fix this problem  I deleted the Google Chrome app cache folder which solved the problem   C  Users users  AppData Local Google Chrome

User · Answer

That s the fastest solution today  17-3-2018    Close all Chrome tabs   windows and run on your command line this   or add it as a shortcode    C  Program Files  x86  Google Chrome Application chrome exe  --ignore-certificate-errors

User · Answer

Go to settings in Chrome and then to Advanced settings  under privacy and security section click Clear browsing data and then clear all data  I followed these steps and it worked for me  Hope it helps some one

User · Answer

A simple solution to this is to edit your  etc hosts file and establish one alias per project   127 0 0 1   project1 project2 project3   These domainless names will never have the problem with HSTS unless you send the HSTS response mentioned by  bigjump and with the added benefit of maintaining your login session if you change back and forth between projects

User · Answer

The issue could be replicated in VS 2019 also  This is caused due to  quot Enable Javascript debugging from Visual Studio IDE quot   The VS attaches to Chrome and it is a possibility that due to security or reasons known to Google and Microsoft  it sometimes fails to attach and you have this issue  I am able to run http and https with localhost from ASP net core 3 1 app  So while debugging in VS  go to the run with arrow - gt  IIS express  just below  quot Web Browser Chrome  quot  select  quot Script Debugging  Disabled  quot   See article  https   devblogs microsoft com aspnet client-side-debugging-of-asp-net-projects-in-google-chrome  https   docs microsoft com en-us visualstudio debugger debugging-web-applications view vs-2019 Always fallback to Microsoft docs to get more clarity than googling an issue

User · Answer

How I solved this problem with chrome 79   Just paste this url in you search input chrome   flags  allow-insecure-localhost  It helped me by using experimental features

User · Answer

Chrome 63  out since December 2017   will force all domains ending on  dev  and  foo  to be redirected to HTTPS via a preloaded HTTP Strict Transport Security  HSTS  header  You can find more information about this here

User · Answer

This can be caused by a cached https redirect  and can be fixed by clearing the cache manually as in Adiyat Mubarak s answer   But if you are visiting localhost you likely are a developer  in which case you will find a cache clearing chrome extension such as  classic cache killer   see e g  https   chrome google com webstore search classic 20cache 20killer hl en  useful in a variety of situations  and likely already have one installed     So the quick fix is  Install a cache killer  if you don t have one already   turn it on  and reload the page   Done

User · Answer

I am facing the same problem but only in Chrome Canary and searching a solution I ve found this post      one of the next versions of Chrome is going to force all domains ending on  dev  and  foo  to be redirected to HTTPs via a preloaded HTTP Strict Transport Security  HSTS  header       name    dev    include subdomains   true   mode    force-https        name    foo    include subdomains   true   mode    force-https       So  change your domains

User · Answer

NEW DEVELOPMENTS   if you have Chrome 63    If your localhost domain is  dev then I don t think the previously accepted and working answers no longer apply  This is because as of the Chrome 63 Chrome will force  dev domains to HTTPS via preloaded HSTS    What this means is   dev basically won t work at all anymore unless you have proper signed SSL certificate -- no more self signed certificates allowed  Learn more at this blog post   So to fix this issue now and to avoid this happening again in the future  test is one recommended domain because it is reserved by IETF for testing   dev purposes  You should also be able to use  localhost for local dev

User · Answer

A lazy and fast solution for lazy people like me  working in Chrome 67     Just launch another Chrome window in Stealth Mode  with the  Incognito Window  option  CTRL   SHIFT   N   No need to delete cache  no need to dive into deep Chrome settings  etc

User · Answer

Unfortunately  none of the solution listed here helped me to resolve this issue   I fixed this issue by using http   127 0 0 1  ip address  instead of http   localhost   A quick little hack to work with angular development with chrome browser

User · Answer

Adiyat Mubarak answer did not work for me  When I attempted to clear the cache and hard-reload  the page still redirected to https    My solution  In the upper right-hand corner of the url bar  just to the left of the favorites star icon  there is an icon with an  x  through it   Right-click on that  and it will say something about  unsafe scripts   then there is an option to load them anyway  Do that

User · Answer

Open Chrome Developer Tools -  go to Network -  select Disable Cache -  reload

User · Answer

For someone who had the same problem I solved by pressing CTRL   SHIFT   DELETE to delete just the entire browser cache  Now I can access my localhost website on HTTP protocol

[google-chrome] Google Chrome redirecting localhost to https

Examples related to google-chrome