I am currently doing some debugging on my website which involves calling the facebook API.
I’ve installed dnsmasq to work with my mac os X to redirect all request to facebook.com to 127.0.0.1
I have a echo server which will print out all the raw http request header on port 80 on my laptop.
Now comes my problem. When I access facebook.com, I realize chrome will automatically forward http:// to https:// for facebook.com
I googled and found the way of deleting this HSTS issue. I visit chrome://net-internals#hsts
to see something like this:
After entering “facebook.com” under “Delete domain”, I can still query “facebook.com” in the input box below.
I tried clearing all user data on chrome, closing and reopening chrome and even using incognito mode.
-
Why is chrome still redirecting all request to facebook.com to https?
-
How can I disable this if
chrome://net-internals#hsts
is not
reliable?
2
Answers
The text next to the
Delete domain
box onchrome://net-internals/#hsts
clearly states that preloaded entries cannot be deleted. This feature request was closed as WontFix in the Chrome bug tracker.facebook.com
and quite a few of its subdomains are included in Chrome’s preload list.You could use another domain name for your tests.
Just make api-calls to
facebook-api-test.com
, map that domain to localhost and proxy the calls.