[英]Safari keeps forcing HTTPS on localhost
When I load http://localhost:3000
in Safari, Safari automatically redirects to https://localhost:3000
.当我在 Safari 加载
http://localhost:3000
时,Safari 自动重定向到https://localhost:3000
。 How can I disable this functionality?如何禁用此功能?
I went into ~/Library/Cookies/HSTS.plist
and removed the localhost
entry, then restarted Safari but it just re-added it to that plist file and redirected to https.我进入
~/Library/Cookies/HSTS.plist
并删除了localhost
条目,然后重新启动 Safari 但它只是将其重新添加到该 plist 文件并重定向到 https。
Any ideas how to fix this so that on localhost
I have to explicitly say http or https?任何想法如何解决这个问题,以便在
localhost
上我必须明确地说 http 或 https?
I was able to solve this based on an answer from Ask Different .我能够根据Ask Different的答案解决这个问题。
In short, closing Safari, then running the commands below, worked.简而言之,关闭 Safari,然后运行以下命令即可。
sudo killall nsurlstoraged
rm -f ~/Library/Cookies/HSTS.plist
launchctl start /System/Library/LaunchAgents/com.apple.nsurlstoraged.plist
Restarting Safari after running that and trying to go to http://localhost:3000
solved the problem and did not redirect to to https
.运行后重新启动 Safari 并尝试转到
http://localhost:3000
解决了问题并且没有重定向到https
。
Hopefully this helps someone fix this problem.希望这有助于有人解决这个问题。
This also happens if the Content Security Policy "upgrade-insecure-requests" is set.如果设置了内容安全策略“upgrade-insecure-requests”,也会发生这种情况。 There is an open issue here: https://github.com/github/secure_headers/issues/348
这里有一个未解决的问题: https://github.com/github/secure_headers/issues/348
You can try你可以试试
deleting website data for localhost (Safari > Preferences > Privacy > Manage Website Data...)
After that close browser and try it.之后关闭浏览器并尝试它。
If cannot you can try make different port 80 after back port 80 for localhost如果不能,您可以尝试在为 localhost 返回端口 80 之后创建不同的端口 80
It's possible to use http://127.0.0.1:3000
instead.可以使用
http://127.0.0.1:3000
代替。 Or your local computer name.或您的本地计算机名称。 For example:
http://andis-mac-5.local:3000
.例如:
http://andis-mac-5.local:3000
。
You can determine the local computer name from system preferences - Share - Edit :您可以从系统首选项-共享-编辑中确定本地计算机名称:
First of all lets confirm why it is going to HTTPS.首先让我们确认为什么要使用 HTTPS。
In Developer Tools is it showing a 301 or 302 redirect?在开发者工具中是否显示 301 或 302 重定向?
If so it's your web server saying to go to HTTPS.如果是这样,则是您的 Web 服务器说要使用 HTTPS。 Fix your web server config.
修复您的 Web 服务器配置。
Or is it a 307 redirect which indicates HSTS?或者它是指示 HSTS 的 307 重定向?
To be perfectly honest I'm not sure if Safari shows this as a 307 (a fake internal redirect to represent HSTS), so it might just go there without showing this, but Chrome does show this.老实说,我不确定 Safari 是否将其显示为 307(代表 HSTS 的假内部重定向),因此它可能只是在没有显示的情况下进入那里,但 Chrome 确实显示了这一点。
If so, then deleting that file and restarting should solve that.如果是这样,那么删除该文件并重新启动应该可以解决这个问题。 However can you confirm if the HTTPS site is returning a strict-transport-security HTTP Header?
但是,您能否确认 HTTPS 站点是否返回了严格传输安全的 HTTP 标头? If so then it will just set that next time you happen to go to HTTPS (including if your page loads and image over HTTPS).
如果是这样,那么它会在您下次碰巧转到 HTTPS 时进行设置(包括您的页面是否通过 HTTPS 加载和图像)。 Can you remove that header?
你能去掉那个标题吗? Or better yet, publish it with a max-age of 0 so it removes it from the HSTS browser cache without having to figure out which file it's in or if Safari have moved it from ~/Library/Cookies/HSTS.plist
或者更好的是,使用 max-age 0 发布它,这样它就可以将它从 HSTS 浏览器缓存中删除,而不必弄清楚它在哪个文件中,或者 Safari 是否已将它从 ~/Library/Cookies/HSTS.plist
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.