发表新帖
发表新帖

Chrome:The website uses HSTS. Network errors…this page will probably work later

后端 未结
关注
9 1026
粉色の甜心
粉色の甜心 2020-12-07 07:12

I am developing against localhost. This morning right after I used fiddler I started getting this error on chrome (works correctly in firefox)

\"You cannot visit loc

相关标签:
9条回答
  • 予麋鹿
    2020-12-07 07:54

    When you visited https://localhost previously at some point it not only visited this over a secure channel (https rather than http), it also told your browser, using a special HTTP header: Strict-Transport-Security (often abbreviated to HSTS), that it should ONLY use https for all future visits.

    This is a security feature web servers can use to prevent people being downgraded to http (either intentionally or by some evil party).

    However if you then then turn off your https server, and just want to browse http you can't (by design - that's the point of this security feature).

    HSTS also does prevents you from accepting and skipping past certificate errors.

    To reset this, so HSTS is no longer set for localhost, type the following in your Chrome address bar:

    chrome://net-internals/#hsts

    Where you will be able to delete this setting for "localhost".

    You might also want to find out what was setting this to avoid this problem in future!

    Note that for other sites (e.g. www.google.com) these are "preloaded" into the Chrome code and so cannot be removed. When you query them at chrome://net-internals/#hsts you will see them listed as static HSTS entries.

    And finally note that Google has started preloading HSTS for the entire .dev domain: https://ma.ttias.be/chrome-force-dev-domains-https-via-preloaded-hsts/

    0 讨论(0)
  • 旧时难觅i
    2020-12-07 07:56

    Click anywhere in chrome window and type thisisunsafe (instead of badidea previously) in chrome.

    This passphrase may change in future. This is the source

    https://chromium.googlesource.com/chromium/src/+/master/components/security_interstitials/core/browser/resources/interstitial_large.js#19

    According to that line, type window.atob('dGhpc2lzdW5zYWZl') to your browser console and it will give you the actual passphrase.

    This time the passphrase is thisisunsafe.

    0 讨论(0)
  • 北海茫月
    2020-12-07 07:57

    I see there are so many useful answers here but still, I come across a handy and useful article out there. https://www.thesslstore.com/blog/clear-hsts-settings-chrome-firefox/

    I ran into the same issue and that article helped me to what exactly it is and how to deal with that HTH :-)

    0 讨论(0)
 看不清?
提交回复
热议问题