by aaronmdjones 1480 days ago

    Wait, Chrome is now requiring HSTS for localhost?
If you point it at https://localhost/ and the cert is valid (e.g. you installed a private CA and used it to sign a cert for localhost) and the site serves an HSTS header, yes. Like any other hostname.

People who set up an HTTPS dev environment and have it send an HSTS header and then get annoyed when it behaves exactly as designed (and they know it) are rather out of touch, in my opinion. If you don't want the browser to force HTTPS, don't tell it to.

1 comments

localhost isn't solely the property of whatever is serving that site at that time though. You're at the mercy of one app doing it then breaking everything else for you.
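
An added example, not part of either comment above: browsers record HSTS per hostname rather than per port, so a policy served by one app on localhost applies to every other port there. One way for a dev stack to avoid that is to never send the header on loopback names. The names `hsts_header_for`, `HstsMiddleware` and the `max-age` value are assumptions made for this sketch.

```python
import ipaddress

HSTS_VALUE = "max-age=31536000"  # constructed policy value for this example

def host_only(host_header):
    """Strip the port from a Host header value, including [::1]:8443 forms."""
    host = host_header.strip().lower()
    if host.startswith("["):  # bracketed IPv6 literal
        end = host.find("]")
        return host[1:end] if end != -1 else host
    return host.rsplit(":", 1)[0] if ":" in host else host

def is_local_dev_host(host_header):
    """True for localhost, *.localhost and loopback IP literals."""
    host = host_only(host_header).rstrip(".")
    if host == "localhost" or host.endswith(".localhost"):
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # an ordinary DNS name

def hsts_header_for(host_header, scheme):
    """Return the header tuple to send, or None to send nothing."""
    if scheme != "https" or is_local_dev_host(host_header):
        return None
    return ("Strict-Transport-Security", HSTS_VALUE)

class HstsMiddleware:
    """WSGI wrapper: sets HSTS on real hosts, strips it on loopback names."""
    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        header = hsts_header_for(environ.get("HTTP_HOST", ""),
                                 environ.get("wsgi.url_scheme", "http"))

        def start(status, headers, exc_info=None):
            # Drop any HSTS header the wrapped app set, then apply ours.
            headers = [h for h in headers
                       if h[0].lower() != "strict-transport-security"]
            if header:
                headers.append(header)
            return start_response(status, headers, exc_info)

        return self.app(environ, start)
```

Because the wrapper also strips a header set by the wrapped app, a framework default that enables HSTS cannot leak onto localhost through it.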