Why does Google Chrome automatically redirect `http://app` to `https://app` but doesn't do that

Time:02-19

Environment:

  • Ubuntu 18.04.6 Desktop 64-bit
  • Google Chrome 98.0.4758.80 (Official Build) (64-bit)
  • Firefox 92.0 (64-bit)

What I did:

  • Install apache2 (so it starts a default local website that I can access at http://localhost).
  • Edit /etc/hosts and add the following entries:
    127.0.0.1   app
    127.0.0.1   app2
    127.0.0.1   napp
  • On Google Chrome, open the following URIs:
    • http://localhost: Successfully opened the "Apache2 Ubuntu Default Page" as an insecure domain.
    • http://app: Got redirected to https://app automatically and returned the error "This site can’t be reached"
    • http://app2: Same as http://localhost.
    • http://napp: Same as http://localhost.
  • On Firefox, open the following URIs:
    • http://localhost: Successfully opened the "Apache2 Ubuntu Default Page" as an insecure domain.
    • http://app: Same as http://localhost.
    • http://app2: Same as http://localhost.
    • http://napp: Same as http://localhost.

I searched on Google and saw posts that talk about the automatic redirect from HTTP to HTTPS, such as "How to Stop Chrome from Automatically Redirecting to https". I followed the posts by deleting the security policy for the domain app and clearing the browser cache for all time, but I still got redirected from http://app to https://app. (In fact, I was using a freshly installed OS and Google Chrome and had never opened any websites before doing the test.)

Why does Google Chrome automatically redirect http://app to https://app but doesn't do that to http://app2 or http://napp?

I also learned that Chrome & Firefox now force .dev domains to HTTPS via preloaded HSTS and Google rolls out .app domains with built‑in HTTPS. So it looks like the browsers are using preloaded/builtin HSTS to enforce the use of HTTPS. But does http://app count as a case of .app domain?

I think it should be some browser setting, because Firefox didn't do the redirection.

CodePudding user response:

Simply put, Chrome uses an HSTS preload list to automatically redirect certain domains from HTTP to HTTPS. This preload list is "a list of sites that are hardcoded into Chrome as being HTTPS only." app is already included in this preload list, as shown by this link: "Status: app is currently preloaded." Therefore, when http://app is entered, Chrome automatically redirects it to https://app. But app2 and napp are not included, so http://app2 and http://napp are untouched.

I wrote the article Why does Google Chrome automatically redirect http://app to https://app but doesn't do that to http://app2 or http://napp? to explain this with more details and other related links.
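To make the matching rule concrete, here is an added model of how a browser consults a preload list (illustration only, not Chrome's code). The PRELOAD_LIST is a constructed stand-in for the real list; it shows why app and www.app are upgraded while app2 and napp are not: entries are matched label by label, not as plain string suffixes.

```python
"""Model of an HSTS preload lookup (added illustration, not Chrome's code)."""
from dataclasses import dataclass
from urllib.parse import urlsplit, urlunsplit


@dataclass(frozen=True)
class PreloadEntry:
    name: str                 # host or TLD as written in the list
    include_subdomains: bool  # TLD entries such as "app" set this


# Constructed sample list; real entries live at hstspreload.org.
PRELOAD_LIST = [
    PreloadEntry("app", include_subdomains=True),
    PreloadEntry("dev", include_subdomains=True),
]


def _labels(host: str) -> list[str]:
    """Split a hostname into DNS labels, ignoring case and a trailing dot."""
    return host.lower().rstrip(".").split(".")


def is_preloaded(host: str, preload=PRELOAD_LIST) -> bool:
    """True if the list says this host must be fetched over HTTPS.

    Matching is label-aligned: "app" and "www.app" match the entry "app",
    but "napp" and "app2" do not. A naive "napp".endswith("app") test
    would wrongly upgrade napp, which is why labels are compared.
    """
    labels = _labels(host)
    for entry in preload:
        entry_labels = _labels(entry.name)
        if labels == entry_labels:
            return True
        if (entry.include_subdomains
                and len(labels) > len(entry_labels)
                and labels[-len(entry_labels):] == entry_labels):
            return True
    return False


def upgrade_if_preloaded(url: str, preload=PRELOAD_LIST) -> str:
    """Return the URL the browser would actually request for this URL."""
    parts = urlsplit(url)
    if parts.scheme == "http" and is_preloaded(parts.hostname or "", preload):
        # Only the scheme changes here; host and any explicit port are kept.
        return urlunsplit(parts._replace(scheme="https"))
    return url


if __name__ == "__main__":
    for u in ("http://localhost", "http://app", "http://app2", "http://napp"):
        print(f"{u:18} -> {upgrade_if_preloaded(u)}")
```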
