Geek Answers Handbook

Safari supports HTTPS on localhost

When I load http://localhost:3000 into Safari, Safari is automatically redirected to https://localhost:3000 . How to disable this feature?

I went into ~/Library/Cookies/HSTS.plist and deleted the localhost entry and then restarted Safari, but just added it to this plist file and redirected to https.

Any ideas how to fix this so that I must explicitly point to http or https on localhost ?

+17
safari hsts
source share
3 answers

I was able to solve this based on a response from Ask Different .

In short, closing Safari and then executing the commands below worked.

 sudo killall nsurlstoraged rm -f ~/Library/Cookies/HSTS.plist launchctl start /System/Library/LaunchAgents/com.apple.nsurlstoraged.plist

Restarting Safari after starting it and trying to switch to http://localhost:3000 solved the problem and did not redirect to https .

Hope this helps someone solve this problem.

+18
source

I also ran into this problem and posted my solution on the Apple Community website:

https://discussions.apple.com/thread/250107953

0
source

First of all, let's confirm why it goes to HTTPS.

Does Developer Tools display 301 or 302 redirects?

If this is your web server talking go to HTTPS. Correct your web server configuration.

Or is it a 307 redirect that indicates HSTS?

To be completely honest, I'm not sure if Safari shows this as 307 (fake internal redirection for representing HSTS), so it can just go there without showing it, but Chrome really shows it.

If so, then deleting this file and restarting should solve this. However, can you confirm that the HTTPS site returns an HTTP header with strict transport security? If so, it will simply establish that the next time you switch to HTTPS (including if your page loads and the image on top of HTTPS). Can you remove this header? Or better yet, publish it with a maximum age of 0 so that it removes it from the HSTS browser cache without indicating which file it is in, or if Safari moved it from ~ / Library / Cookies / HSTS.plist

-2
source

More articles:


All Articles