skip to Main Content

I am currently doing some debugging on my website which involves calling the facebook API.

I’ve installed dnsmasq to work with my mac os X to redirect all request to facebook.com to 127.0.0.1

I have a echo server which will print out all the raw http request header on port 80 on my laptop.

Now comes my problem. When I access facebook.com, I realize chrome will automatically forward http:// to https:// for facebook.com

I googled and found the way of deleting this HSTS issue. I visit chrome://net-internals#hsts to see something like this:

HSTS chrome image

After entering “facebook.com” under “Delete domain”, I can still query “facebook.com” in the input box below.

I tried clearing all user data on chrome, closing and reopening chrome and even using incognito mode.

  • Why is chrome still redirecting all request to facebook.com to https?

  • How can I disable this if chrome://net-internals#hsts is not
    reliable?

2

Answers


  1. The text next to the Delete domain box on chrome://net-internals/#hsts clearly states that preloaded entries cannot be deleted. This feature request was closed as WontFix in the Chrome bug tracker.

    Text showing "you cannot delete preloaded entries

    facebook.com and quite a few of its subdomains are included in Chrome’s preload list.

    Login or Signup to reply.
  2. You could use another domain name for your tests.

    Just make api-calls to facebook-api-test.com, map that domain to localhost and proxy the calls.

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search