Chrome to break .dev development with forced HTTPS

Photo by Ilya Pavlov on Unsplash

If you use .dev when you development your web applications you may have problems with Chrome.

Mattias Geniar has noted that Chrome has added .dev wildcard to Chrome HSTS preload.

What this means is that any URL using .dev domain extension will automatically redirect to HTTPS. The .dev extension is actually owned by Google. Becuase the site is using HSTS preload chrome will also not allow you to “proceed” past any HTTPS errors.

If you use .dev for your development I recommend you look at changing this now. There is a proposal to reserve .localhost to always point to 127.0.0.1. This is therefore an option.

However as the web moves to 100% HTTPS to avoid issued you should really also develop using 100% HTTPS. For this reason I recommend you consider purchasing a domain and wildcard HTTPS certificate for development purposes.

You can then use project.example.com (where example.com is your registered domain). The wildcard HTTPS certificate will secure every project you use on that domain.