Did Not Connect: Potential Security Issue
Vin.AI
Not able to continue visiting my local development website. Because browsers are blocking the site and common problem is HSTS. Unable to figure out what's gone wrong.
Recently I setup new system for web development. Everything was working well since I setup new machine. Sudden today everything got freeze and I feeling like prisoner.
Firefox and Google Chrome was blocked site last week, still my work was continuing because Firefox Development Edition was holding my back. And was also exploring to fix that issue. But today it is got over. So, I finally on fixing this.
Only difference between two machine is OS and Web Server. On old machine (macOS) I was using Apache, but Nginx is on my new machine (Ubuntu).
Our live production domain is https://www.peoplematters.in and we do development using https://dev.peoplematters.in.
For local development I'm using self signed certificate.
In some cases browser's allow to add security exception. But in this HSTS case it is not allowing. I've not configured HSTS header for local development version. So, why it's showing!!!
Barry Pollard
Because it is configured it on the top level domain with include sub domains: https://securityheaders.com/?q=https%3A%2F%2Fpeoplematters.in&hide=on:
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
I would guess at some point you visited the top level domain (instead of just the www version) so picked up this policy.
Additionally, because this header has preload in it, it may soon be preloaded into web browsers code.meaning it wil be impossible to turn this off and you’ll have to get used to setting up your certificates properly in your dev envs (by either trusting your self-signed certs or by using other certs recognised by the browser).
Collected from the Internet
Please contact [email protected] to delete if infringement.
edited at
- Prev: Writing Variables using Beanshell Sampler in JMeter into a txt/csv file
- Next: how to initialize a bouncycastle BigInteger?
Related
TOP Ranking
- 1
pump.io port in URL
- 2
Failed to listen on localhost:8000 (reason: Cannot assign requested address)
- 3
How to import an asset in swift using Bundle.main.path() in a react-native native module
- 4
Inner Loop design for webscrapping
- 5
Can't pre-populate phone number and message body in SMS link on iPhones when SMS app is not running in the background
- 6
ggplotly no applicable method for 'plotly_build' applied to an object of class "NULL" if statements
- 7
mysql.connector.errors.InterfaceError: 2003: Can't connect to MySQL server on '127.0.0.1:3306' (111 Connection refused)
- 8
Removed zsh, but forgot to change shell back to bash, and now Ubuntu crashes (wsl)
- 9
Ambiguous use of 'init' with CFStringTransform and Swift 3
- 10
Resetting Value of <input type="time"> in Firefox
- 11
Execute ./script.sh with a crontab
- 12
Converting a class method to a property with a backing field
- 13
Spring Boot JPA PostgreSQL Web App - Internal Authentication Error
- 14
How to update azerothcore-wotlk docker container
- 15
How to set tab order for array of cluster,where cluster elements have different data types in LabVIEW?
- 16
Grails with Oracle thick OCI driver authenticate to Oracle with wrong user
- 17
How to pass data to the ng2-bs3-modal?
- 18
Making Array From Page Elements in jQuery
- 19
Retrieve Element Tag Value XML Using Bash
- 20
Laravel's ORM sync with timestamps doesn't update timestamps
- 21
Do animations stop css changes after animation completion?
Comments