Deleting Chrome HSTS for facebook.com not working

让人想犯罪 __ 提交于 2019-12-12 04:14:54

问题


I am currently doing some debugging on my website which involves calling the facebook API.

I've installed dnsmasq to work with my mac os X to redirect all request to facebook.com to 127.0.0.1

I have a echo server which will print out all the raw http request header on port 80 on my laptop.

Now comes my problem. When I access facebook.com, I realize chrome will automatically forward http:// to https:// for facebook.com

I googled and found the way of deleting this HSTS issue. I visit chrome://net-internals#hsts to see something like this:

HSTS chrome image

After entering "facebook.com" under "Delete domain", I can still query "facebook.com" in the input box below.

I tried clearing all user data on chrome, closing and reopening chrome and even using incognito mode.

  • Why is chrome still redirecting all request to facebook.com to https?

  • How can I disable this if chrome://net-internals#hsts is not reliable?


回答1:


The text next to the Delete domain box on chrome://net-internals/#hsts clearly states that preloaded entries cannot be deleted. This feature request was closed as WontFix in the Chrome bug tracker.

facebook.com and quite a few of its subdomains are included in Chrome's preload list.




回答2:


You could use another domain name for your tests.

Just make api-calls to facebook-api-test.com, map that domain to localhost and proxy the calls.



来源:https://stackoverflow.com/questions/41239186/deleting-chrome-hsts-for-facebook-com-not-working

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!