Skip to main content

Posts

Showing posts from January, 2019

Chrome forcing all localhost queries to https, breaking various CLIs

I use the Azure CLI and the Force.com CLI pretty regularly, and both of them make use of a little webserver running on localhost, presumably to catch the auth tokens once the SSO process redirects back. I also like to use localhost as a new tab page, to better invoke Chrome's Vimium extension on all new tabs.  On several installs of several dev machines, http://localhost has been regularly redirected to https where it shouldn't be, causing breakage of all the CLIs, since they're not providing TLS certs, and my new tab page as I haven't got a TLS binding set up for the IIS default website.

Today I finally figured out the fix for it, it's explained here, basically Chrome is forcing connections over to TLS due to a HSTS header that it's picked up for localhost.  Deleting the security policy for the localhost domain immediately resolved all the problems I was having!  You can get to the HSTS security policies configuration at chrome://net-internals/#hsts