I've recently completely switched to Firefox Developer Edition but I have a problem I've not been able to handle yet on FF.
I'm a web developer so it happened to me to have several subdomains which corresponds to a test env of a live website.
exemple : http://local.example.com is my local for https://www.example.com
As it's a common problem to have modules licensed for a domain and its subdomains, I have to process this way to have a correct development environment (with the same modules than the live env).
My problem is the following : if I go to https://www.example.com Firefox will remember that it accessed it in https and will force my local to https://local.example.com instead of http://local.example.com (and of course the https on my local is not configured)
Cleaning the browser cache does not help (it solved the problem on chrome).
Changing the ttl of the dns to 0 in Firefox config did not help.
Restarting the browser does not help neither.
In the developer panel settings, i checked "disable http cache when dev tools is open", it did not worked.
At the moment, I have to work on my local in a private window, which is not very practical.
Does anybody knows how I can flush this cache in Firefox ?
Even better : is there a way to disable this cache ? As I'm using the developer edition, that would be awesome to be able to disable it at least on this version.
Thanks!
Since the root domain seems to affect the other domains, it may seem you are using HSTS to make sure all requests are https.
You have 3 solutions to fix this:
Exclude subdomains on the main HTST header
The simplest solution for you and all other developers working on your site may be removing the includeSubDomains on the HTST header on your main domain. (But beware that this decreases security if you actually use other subdomains)
Use a private window
HTST domains are not shared by to a private window for privacy reasons
Get an free SSL certificate for local.example.com
Temporary redirect the global local.example.com domain to your computer, and use letsencrypt to get a certificate for your pc
Related
Doing dev work on several sites on my local (Windows 10) PC when out of the blue this morning one site refuses to load in Microsoft Edge (Version 89.0.774.45 (Official build) (64-bit)). Other local sites are working fine.
I removed the redirect to SSL from web.config and issued a fresh self-signed certificate: NET::ERR_CERT_COMMON_NAME_INVALID - You can't visit local-prodject.mydomain.com right now because the website uses HSTS. Network errors and attacks are usually temporary, so this page will probably work later.
There is no HSTS in web.config. I removed the HTTPS redirect from web.config and it's still trying to force HTTPS. I've done the edge://net-internals/#hsts to delete for local-prodject.mydomain.com and localhost, no change.
I'd prefer to have self-signed working as it was yesterday, and on other sites on my local PC so when they get pushed to a production environment they're ready to go.
I should also note that Chrome and Firefox (Dev and regular) work fine.
Chrome, Opera and Edge have a safe word you can use to bypass this SSL issue for local development. Click anywhere within the browser window and type: thisisunsafe
I installed TFS 2018 and chose HTTPS only. Now I've changed my mind and want it to run on non-HTTPS. I changed the "Public URL" to http, removed the HTTPS bindings from IIS. But when I go to the TFS page in the browser, it's still forwarding to HTTPS. There are no redirects setup in IIS, which leads me to believe that the redirect is happening in TFS itself. Where I can I configure TFS to not operate under HTTPS?
I tried searching for an answer, but all roads lead to "how to configure TFS for HTTPS", nothing about removing it.
I've also tried different browsers, and cleared my cache to make sure the 301 wasn't being cached, which can happen.
Once you remove the Site Bindings for https, you have to edit the sslOnly flag under Application Settings. Change the public URL in Team Foundation Server Administration Console. And you should be good to go.
I have an IIS running on the server and a website (.net) running perfectly on http (80) and https (443). And i have a new Wordpress website. I wanna publish the wordpress site on the same domain. In order to do it i will remove the files of the present website and place the new site's files and in theory,i expect IIS will start to show this new site. And all the bindings and everything s set on IIS for this SSL certificate for the same domain. So my question is , can i expect that new site will run perfectly on http (80) and https (443)? Or will https fail?
Yes, in theory it should work but as you know with IIS, what is true in theory may not always be true in practice.
What you will find tricky is that Wordpress is heavily reliant on URLs and it may be tricky to run both options, ideally you should force one or the other but there are techniques that allow you to run both.
I can't speak for the effectivity or efficiency of this but here's a link: https://blog.rabin.io/sysadmin/make-wordpress-site-work-both-http-https
Well in theory it supposed to work but it didn t. Eventually i figured that SSL certificate was revoked.
I know this is strange.
I have an azure website. If you visit it, e.g. web1.azurewebsites.net you will be immediately redirected (302) to https://web1.azurewebsites.net
I do not have any code in the deployed application that does, this, nor anything in my web.config.
To test, I created another S1 (i.e. SSL capable) azure websites from scratch, deployed the EXACT same code (even used the same database), and I do not get the redirects.
Where is this 302 redirect setup in Azure?
to be clear.
1) Exact same code, webconfig etc.
2) only difference is the Azure publish location
3) I do have some recollection of ticking a box somewhere saying 'only allow ssl', but I really can't find it anywhere now.
All references online are a) to turn ssl ON, b) talk about web config and mvc code. Neither apply here due to test.
For you info, in Edge, F12 tools, I can see the redirect under Network tab.
and X-Powered-By: ASP.NET etc. etc.
I can't find a setting anywhere in Azure portal to turn this off. Any help appreciated.
Hard to investigate without demo or code.
If your project doesn't have any rewrite rules then it must be an app service that is doing this.
You might have an extension installed that does this: https://blog.nicholasrogoff.com/2017/01/12/azure-app-service-force-redirect-from-http-to-https-the-easy-way/
Or rewrites happen at a higher level. Do you have some kind of service that sits on the top of you app service e.g. cloudflare?
You can try clone your existing app (requires premium subscription) to see if the problem is reproduced
The real problem was the browser! not the code....
I had once, at some point put in the HSTS headers for testing. Once you do that in Chrome, it will always 'redirect' itself to the https version.
You can
Use incogneto mode
clear the 'you must always redirect to https' setting in chrome using the advanced chrome settings.
For developing purposes, is there a flag for Google Chrome that will allow for cross-site HTTP requests?
I don't know of A way to allow cross site requests, but if you are trying to pull in data from on particular site (ie. the live version of the site you are developing for) you can edit you /etc/hosts file to have test.whateveryourdomainis.com point to localhost, this way you can also have domain specific links in your code that more closely match what they will be on the live site.
By doing this your local files will appear to be hosted remotely, and any cross domain issues will be ignored
Under OSX start Canary/Chrome app with the flag --disable-web-security.
Be careful with this option though.
/Applications/Google\ Chrome\ Canary.app/Contents/MacOS/Google\ Chrome\ Canary --disable-web-security