laravel Chrome 将 .dev 重定向到 https
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/47768289/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Chrome redirects .dev to https
提问by Mathis
Suddenly Google Chrome redirects my virtual-host domain myapplication.dev to https://myapplication.dev. I already tried to go to
突然谷歌浏览器将我的虚拟主机域 myapplication.dev 重定向到https://myapplication.dev。我已经尝试去
chrome://net-internals/#hsts
铬://网络内部/#hsts
And enter myapplication.dev into the textbox at the very bottom "Delete domain security policies" but this had no effect.
并在最底部的“删除域安全策略”的文本框中输入 myapplication.dev 但这没有任何效果。
I also tried to delete the browser data.
我也尝试删除浏览器数据。
What I also did is to change the v-host to .app instead of .dev but Chrome still redirected me to https:// ...
我还做的是将 v-host 更改为 .app 而不是 .dev 但 Chrome 仍然将我重定向到 https:// ...
It's a Laravel application running on Laragon. On other PCs in the same network, it works perfectly.
这是一个运行在 Laragon 上的 Laravel 应用程序。在同一网络中的其他 PC 上,它可以完美运行。
回答by Jerodev
There is no way to prevent Chrome (>= 63) form using https on .devdomain names.
Google now owns the official .devtld and has already stated that they will not remove this functionality.
没有办法阻止 Chrome (>= 63) 表单在.dev域名上使用 https 。
Google 现在拥有官方.devtld,并且已经声明他们不会删除此功能。
The recommendation is to use another tld for development purposes, such as .localhostor .test.
建议使用另一个 tld 用于开发目的,例如.localhost或.test。
More information about this update can be found in this article by Mattias Geniar.
有关此更新的更多信息,请参阅 Mattias Geniar 的这篇文章。
回答by larsbadke
Check that link
检查该链接
https://laravel-news.com/chrome-63-now-forces-dev-domains-https
https://laravel-news.com/chrome-63-now-forces-dev-domains-https
Based on this article by Danny Wahl he recommends you use one of the following: “.localhost”, “.invalid”, “.test”, or “.example”.
根据 Danny Wahl 的这篇文章,他建议您使用以下选项之一:“.localhost”、“.invalid”、“.test”或“.example”。
回答by Franz
Chrome 63 forces .dev domains to HTTPS via preloaded HSTSand soon all other browsers will follow.
Chrome 63 通过预加载的 HSTS 强制 .dev 域使用 HTTPS,很快所有其他浏览器也将效仿。
.dev gTLD has been bought by Google for internal use and can not be used anymore with http, only https is allowed. See this article for further explanations:
.dev gTLD 已被 Google 购买供内部使用,不能再与 http 一起使用,只允许使用 https。请参阅这篇文章以获得进一步的解释:
https://ma.ttias.be/chrome-force-dev-domains-https-via-preloaded-hsts/
https://ma.ttias.be/chrome-force-dev-domains-https-via-preloaded-hsts/
回答by Kamil Kie?czewski
MacOS Sierra, Apache: After Chrome 63 forces .dev top level domains to HTTPS via preloaded HSTS phpmyadmin on my mac stop works. I read thisand just edit /etc/apache2/extra/http-vhosts.conffile:
MacOS Sierra、Apache:在 Chrome 63 通过我的 mac 上预加载的 HSTS phpmyadmin 将 .dev 顶级域强制转换为 HTTPS 后,我的 mac 停止工作。我读了这个,只是编辑/etc/apache2/extra/http-vhosts.conf文件:
<VirtualHost *:80>
DocumentRoot "/Users/.../phpMyAdmin-x.y.z"
ServerName phpmyadmin.localhost
</VirtualHost>
and restart apache (by sudo /usr/sbin/apachectl stop; sudo /usr/sbin/apachectl start) - and now it works on http://phpmyadmin.localhost:) . For laravel applications solution is similar.
并重新启动 apache (by sudo /usr/sbin/apachectl stop; sudo /usr/sbin/apachectl start) - 现在它可以在http://phpmyadmin.localhost:) 上运行。对于 Laravel 应用程序,解决方案类似。
The nice thing is that using *.localhosttop level domain when you set up new project you can forget about editing /etc/hosts.
好消息是,*.localhost当您设置新项目时使用顶级域,您可以忘记编辑/etc/hosts.
How cool is that? :)
多么酷啊?:)
There's also an excellent proposal to add the .localhost domain as a new standard, which would be more appropriate here.
还有一个很好的建议是将 .localhost 域添加为新标准,这在这里更合适。
UPDATE 2018
2018 年更新
Using *.localhostis not good - some applications will not support it like cURL (used by php-guzzle) - more details here. Better is to use *.local.
使用*.localhost不好 - 一些应用程序不会像 cURL(由 php-guzzle 使用)那样支持它 - 更多细节在这里。更好的是使用*.local.
回答by Stefano
May be worth noticing that there are other TLD that are forced to https: https://chromium.googlesource.com/chromium/src.git/+/63.0.3239.118/net/http/transport_security_state_static.json#262
可能值得注意的是,还有其他 TLD 被强制使用 https:https: //chromium.googlesource.com/chromium/src.git/+/63.0.3239.118/net/http/transport_security_state_static.json#262
google, dev, foo, page, appand chromeright now.
google, dev, foo, page,app和chrome现在。
回答by terry zhang
This problem can't be fixed. Below is the reason:
这个问题无法修复。原因如下:
- Google owns .dev gTLD
- Chrome forces HTTP to HTTPS on .dev domain directly within the source code.
- 谷歌拥有 .dev gTLD
- Chrome 直接在源代码中强制 HTTP 到 .dev 域上的 HTTPS。
From the 2nd link below:
从下面的第二个链接:
...
// eTLDs
// At the moment, this only includes Google-owned gTLDs,
// but other gTLDs and eTLDs are welcome to preload if they are interested.
{ "name": "google", "include_subdomains": true, "mode": "force-https", "pins": "google" },
{ "name": "dev", "include_subdomains": true, "mode": "force-https" },
{ "name": "foo", "include_subdomains": true, "mode": "force-https" },
{ "name": "page", "include_subdomains": true, "mode": "force-https" },
{ "name": "app", "include_subdomains": true, "mode": "force-https" },
{ "name": "chrome", "include_subdomains": true, "mode": "force-https" },
...
References
参考
回答by Mehdi
For Firefox: you can disable the property network.stricttransportsecurity.preloadlistby visiting the address : about:config.
对于 Firefox:您可以通过访问地址禁用network.stricttransportsecurity.preloadlist属性:about:config。
For IE it seems to be still working .
对于 IE,它似乎仍在工作。
For Chrome, there is no solution, I think it's hardcoded in the source code.
对于 Chrome,没有解决方案,我认为它是在源代码中硬编码的。
See that article : How to prevent Firefox and Chrome from forcing dev and foo domains to use https
