9
atroxi
7y

Chrome 63 forces .dev domains to HTTPS via preloaded HSTS.

Well, FUCK YOU google. Why do you even give a shit of my local proxy.

Comments
  • 2
    Shhh... Firefox
  • 0
    So install a self signed cert ?😕
  • 0
    ended up changing all my project extensions to .local :/ there is prolly a better way, but I am prolly to lazy to find it :)
  • 2
    Still, it seems like it would be okay for a company that makes a browser to choose how that browser handles a gTLD the company owns?
    Whether .dev should have been sold or even created is another story, as I think it should have had the same status as example.com and example.org

    https://ma.ttias.be/chrome-force-de...
  • 0
    .test seems pretty safe
  • 0
    @mzeffect yep seems the way to go since the update anyway 👍🏼
  • 2
    I solved this problem in four easy steps:

    1. configured a self signed certificate
    2. installed Firefox, added cert as trusted.
    3. changed .dev to .butt
    4. changed wallpaper to dark with a bright fat font "Google can go suck a cock"

    I'm not even testing in Chrome anymore. End users can do that for me.
  • 0
    @bittersweet I'll just stick to .test for now, it's fine for me. But yeah, Firefox it is (again!) from now on.

    Google starts to make some weird decisions I have to say. I would like to know if there's any other reasons than "we can do it so let's do it" (and piss off thousands of devs...) for Google to do such thing. Strange.
  • 2
    I agree it's not good and especially with a TLD and even more so with .dev!

    But this is not a question of what we think they should do — they bought the .dev (and quite a few others: https://www.registry.google) gTLD (which Amazon also wanted to) and can basically do things like that if they want to, without having to worry if you were using the TLD in a local setup that will now stop working.

    They already did the same with .google in 2015 and have been open about expanding the roll-out to the rest of their (non-open) TLDs, starting with .dev and .foo: https://security.googleblog.com/201...

    If you wanna keep yourself from that kind of outside influence, I suggest you start using sub-domains of a domain you actually own or control instead of a TLD that "seems pretty safe for now" or at least something that is already in use somewhere and not affiliated with any of your tool vendors ;)
    Alternatively do as mentioned above and use .localhost and hope this draft makes it through to standard: https://tools.ietf.org/html/...
  • 2
    @Flygger

    The best option is actually to .test, as it is specifically reserved TLD by IANA for development purposes.
  • 1
    @Flygger thanks for this. I knew most of it but I'm still pissed of 😂 and yeah, fingers crossed for this draft to pass 🤘
  • 1
    @bittersweet thanks, I missed that one ;)

    Main point though (and applicable everywhere): if you're not in control of it, don't rely on it ;)
  • 0
    If you use .localhost instead of .dev or .local you won't have to worry about mapping your hosts file. Asides from it being a pain for legacy projects using .dev... Using .localhost makes a lot more sense. localhost is already mapped so it simplifies setups.
Add Comment