TechQA.

Deleting Chrome HSTS for facebook.com not working

4.1k views Asked by At

I am currently doing some debugging on my website which involves calling the facebook API.

I've installed dnsmasq to work with my mac os X to redirect all request to facebook.com to 127.0.0.1

I have a echo server which will print out all the raw http request header on port 80 on my laptop.

Now comes my problem. When I access facebook.com, I realize chrome will automatically forward http:// to https:// for facebook.com

I googled and found the way of deleting this HSTS issue. I visit chrome://net-internals#hsts to see something like this:

HSTS chrome image

After entering "facebook.com" under "Delete domain", I can still query "facebook.com" in the input box below.

I tried clearing all user data on chrome, closing and reopening chrome and even using incognito mode.

  • Why is chrome still redirecting all request to facebook.com to https?

  • How can I disable this if chrome://net-internals#hsts is not reliable?

google-chrome ssl hsts
Original Q&A
2

There are 2 answers

0
Anand Bhat On BEST ANSWER

The text next to the Delete domain box on chrome://net-internals/#hsts clearly states that preloaded entries cannot be deleted. This feature request was closed as WontFix in the Chrome bug tracker.

Text showing "you cannot delete preloaded entries

facebook.com and quite a few of its subdomains are included in Chrome's preload list.

0
user7528775 On

You could use another domain name for your tests.

Just make api-calls to facebook-api-test.com, map that domain to localhost and proxy the calls.

Related Questions in GOOGLE-CHROME

Related Questions in SSL

Related Questions in HSTS

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions