Chrome 63 changing http to https

Question

Does using Chrome v.63 force use of https?

I am running Apache 2.4.27 on a Windows 10 desktop as a sandbox where I can experiment and do some tutorials. I have a vi

Answer 1

Google owns the .dev TLD and with Chrome 63 they are forcing HTTPS on all requests to anything.dev

I went through my local dev setup and replaced all references to .dev with .local, works fine now.

Your other option is to use Firefox for local development. .dev now triggers https in FF (since before FF61) with a workaround

Edit (asside): I have switched to using .localhost for dev as browsers allow navigator.geolocation.getCurrentPosition() (blocked if site is not HTTPS).

Answer 2

Google Chrome 63 update, out December 2017, places .dev domains in the preloaded HSTS list with a rule enforcing HTTPS, no workarounds.

{ "name": "dev", "include_subdomains": true, "mode": "force-https" }

The "only" way is to switch .dev with something else, like .localhost

IETF states a few reserved TLDs for development:

2. TLDs for Testing, & Documentation Examples

   There is a need for top level domain (TLD) names that can be used for creating names which, without fear of conflicts with current or future actual TLD names in the global DNS, can be used for private
   testing of existing DNS related code, examples in documentation, DNS
   related experimentation, invalid DNS names, or other similar uses.

   For example, without guidance, a site might set up some local
   additional unused top level domains for testing of its local DNS code and configuration. Later, these TLDs might come into actual use on
   the global Internet. As a result, local attempts to reference the
   real data in these zones could be thwarted by the local test
   versions. Or test or example code might be written that accesses a
   TLD that is in use with the thought that the test code would only be
   run in a restricted testbed net or the example never actually run.
   Later, the test code could escape from the testbed or the example be
   actually coded and run on the Internet. Depending on the nature of
   the test or example, it might be best for it to be referencing a TLD
   permanently reserved for such purposes.

   To safely satisfy these needs, four domain names are reserved as
   listed and described below.

              .test
           .example
           .invalid
         .localhost
   

   ".test" is recommended for use in testing of current or new DNS related code.

   ".example" is recommended for use in documentation or as examples.

   ".invalid" is intended for use in online construction of domain names that are sure to be invalid and which it is obvious at a glance are invalid.

   The ".localhost" TLD has traditionally been statically defined in host DNS implementations as having an A record pointing to the loop back IP address and is reserved for such use. Any other use would conflict with widely deployed code which assumes this use.

PS: .foo is also in the preloaded HSTS list

Answer 3

Thanks everyone for the advice. I ended up going with .tst for now. I have a feeling I'l be switching over (forced?) to .localhost at some point. But for now .tst is less typing.