Chrome to break .dev development with forced HTTPS

Andy Gambles
Sep 17, 2017 · 1 min read
Image for post
Image for post
Photo by Ilya Pavlov on Unsplash

If you use .dev when you development your web applications you may have problems with Chrome.

Mattias Geniar has noted that Chrome has added .dev wildcard to Chrome HSTS preload.

What this means is that any URL using .dev domain extension will automatically redirect to HTTPS. The .dev extension is actually owned by Google. Becuase the site is using HSTS preload chrome will also not allow you to “proceed” past any HTTPS errors.

If you use .dev for your development I recommend you look at changing this now. There is a proposal to reserve .localhost to always point to 127.0.0.1. This is therefore an option.

However as the web moves to 100% HTTPS to avoid issued you should really also develop using 100% HTTPS. For this reason I recommend you consider purchasing a domain and wildcard HTTPS certificate for development purposes.

You can then use project.example.com (where example.com is your registered domain). The wildcard HTTPS certificate will secure every project you use on that domain.

Servertastic

Stories from the world of servertastic.com

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch

Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore

Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store