Page 1 of 1
Local URLs redirecting to HTTPS
Posted: 2018-07-24, 09:57
by adesh
When accessing a resource like local.mysite.com/something hosted locally, the browser converts the request to HTTPS one. This results in SSL errors because generally development machines are not SSL/TLS enabled.
Please remove this feature. I don't think anyone would require this, so it can be disabled without any preference controlling it.
I guess this is being done using HTTS? If yes, disabling that is not an option.
I'd also like to know what the rationale was behind this (why did FF/Chrome implement this)?
Re: Local URLs redirecting to HTTPS
Posted: 2018-07-24, 10:53
by JustOff
adesh wrote:When accessing a resource like local.mysite.com/something hosted locally, the browser converts the request to HTTPS one.
I've never seen such behavior, having both http and https running on localhost.
Re: Local URLs redirecting to HTTPS
Posted: 2018-07-24, 11:05
by Moonchild
HSTS is usually declared domain-wide with subdomains. If you enable HSTS for your domain that way, then you must make sure everything on that domain is HTTPS, including "local" hosts. There is no distinction between behavior depending on what a host resolves to.
If you want to be more selective, then you must only set HSTS headers on specific hosts and exclude subdomains.
The rationale behind this is the standard. see
RFC 6797
Re: Local URLs redirecting to HTTPS
Posted: 2018-07-24, 11:11
by adesh
JustOff wrote:I've never seen such behavior, having both http and https running on localhost.
I forgot to put that in my post. Accessing the site via
localhost kind of works, but that limits my machine's ability to serve multiple domains with their own configuration. URL router also gets messed up if, for example, both
api.mysite.com and
web.mysite.com are accessed using
localhost.
Re: Local URLs redirecting to HTTPS
Posted: 2018-07-24, 11:58
by adesh
Ok, so HSTS is indeed enabled for our domain including subdomains (I talked with our admin). Confusion was because I was not seeing this behaviour in older Basilisk. Now, things are clearer. But still no solution, other than disabling the list.