Skip to content

Latest commit

 

History

History
14 lines (9 loc) · 1.17 KB

README.md

File metadata and controls

14 lines (9 loc) · 1.17 KB

Note: This extension is not needed in Chrome 132+, because we've updated Chromium to ignore HSTS on localhost responses.

A simple extension that disables HSTS for localhost on every response.

You can install from the Chrome Web Store.

This helps prevent unexpected use of HTTPS for developers building a mix of HTTP and HTTPS services.

See e.g. https://issues.chromium.org/issues/41251622 and https://textslashplain.com/2020/02/26/can-i-in-the-new-edge/#:~:text=HSTS%20for%20localhost%20sites for discussion.

Note: This extension will remove any HSTS Record for localhost each time a https://localhost/* request is made. However, without such a HTTPS request, it cannot itself delete a HSTS rule that was set before the extension was installed. To manually delete any existing record, visit about://net-internals/#hsts, type localhost in the Delete domain security policies box, and click the Delete button: Manual Delete