Server side solution to stop redirect from http to https in Chrome

If your main web site domain is configured to use SSL, for example https://your.domain and https://www.your.domain, and you have other sub-domains that you access without SSL, you may find that Chrome insists on using HTTPS on those sub-domains as well. This happens when the main domain sends an HTTP Strict Transport Security (HSTS) policy that also covers its sub-domains, and it causes problems accessing any sub-domain that is not using SSL.

Even if you manually type http://subdomain.your.domain, Chrome will automatically redirect you to https://subdomain.your.domain.

To fix this temporarily, open Chrome's HSTS configuration page by typing this in the URL field:

chrome://net-internals/#hsts

There you can query your domain and, if it is found in the HSTS table, delete it. This is only a temporary fix, which works until your next visit to your main domain.

To fix it permanently, disable HTTP Strict Transport Security on the web server. For example, in nginx, find the appropriate server section of your configuration and add the following:

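server {
 #...
 listen 443 ssl;  # replaces "ssl on;", which current nginx versions no longer accept
 #...
 # max-age=0 tells the browser to drop its stored HSTS entry for this host
 add_header Strict-Transport-Security "max-age=0";
 #...
}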

Make sure you first delete the domain from the HSTS table in Chrome, then reload your nginx configuration. Your next visit to your main site domain will no longer force your other sub-domains to redirect to HTTPS.

If you want to find out more about Strict Transport Security, you can visit this link.
