[copied from https://stackoverflow.com/questions/39937837/]
I've got my DNS set up to point local.example.com
to 127.0.0.1. This is so that I can share cookies between the live site and my dev environment.
With HSTS activated on the live site, my browser automatically tries to access the local site at https://local.example.com/
which doesn't work as my dev server doesn't support SSL (I've tried serving at port 443).
Is there a way to instruct my browser (Chromium) to ignore HSTS?
(From what I've read, the includeSubDomains
is very important to avoid cookie hijack attacks – basically I only want to include the subdomain exception for myself).
Best Answer
I'm not really sure if this of help in your specific situation (and you're aware of this "solution"), but one possible way would be to clear the browser HSTS cache. Maybe it's also possible to map this to a special key (combination), which would make it more easy to invoke it.
Here is how to do it with Chromium:
chrome://net-internals/#hsts
.Additional note: This only works if your domain isn't part of the HSTS preloaded list.