How to stop an automatic redirect from “http://” to “https://” in Chrome

google-chrome

I had something set up wacky in our DNS setup which is now resolved.

The remaining problem is that chrome has cached the incorrect setup.

Specifically, when using Chrome http://example.com is now redirecting to https://example.com (naked domain), which is not valid/supported. http://example.com SHOULD redirect to http://www.example.com and then force https://www.example.com.

But on a handful of browsers (including mine) this doesn't happen because of some funky Chrome caching. I tried going to “Privacy -> Clear Cache” but it had no effect.


Solution 1:

Anon is right about STS, but there is a way to specifically delete your domain from the set.

  1. Go to chrome://net-internals/#hsts. Enter example.com under Delete domain security policies and press the Delete button.

  2. Now go to chrome://settings/clearBrowserData, tick the box Cached images and files and press click the button Clear data.

Solution 2:

My problem came from having a .dev domain, which was apparently recently registered as a gTLD and put in a commit to Chrome Canary. I found this out from a recent post I came across as I searched for my problem.

If you have the same problem I do, it appears that the best solution is to change your domain to be something other than .dev. The article suggested .test with a potential solution of .localhost later down the road (via this proposal).

Solution 3:

To delete domain under "HSTS" menu in chrome://net-internals is a temporary solution. After visiting this domain over HTTPS it will be included in HSTS list again.

Basicaly, to solve this issue it is necessary to disable HTTP Strict Transport Security on the web-server 3rdrevolution.com (IIS, Apache, nginx,...). For nginx edit its HTTPS section in nginx.conf and set 'max-age=0' for Strict-transport-Security:

server {
#...
        ssl on;
#...
        add_header Strict-Transport-Security "max-age=0;";
#...
}

More info: HTTP Strict Transport Security (HSTS)

Solution 4:

https://www.3rdrevolution.com sends the Strict-Transport-Security header so accessing it over https once will make browsers like Chrome/Firefox redirect http requests to https until some specified point in the future.

As the other answer said, the only way to stop this once it starts is to clear the browser cache (or wait for the browser to expire the order).

Related

Windows 7 SP1 Windows Update stuck checking for updates
How to copy with cp to include hidden files and hidden directories and their contents?
How to execute a command whenever a file changes?
View list of files in ZIP archive on Linux
How do you reload your .vimrc file without restarting vim?
From a quality perspective, what is better: turning volume up in the software, in the OS, or on the speakers?
How can I get the same SSID for multiple access points?
How to *disable* automatic reboots in Windows 10?
How can I display the contents of an environment variable from the command prompt in Windows 7?
macOS keeps asking my ssh passphrase since I updated to Sierra
How are pseudorandom and truly random numbers different and why does it matter?
How to recursively chmod all directories except files?