Caught in Strict-Transport-Security

hadmut · November 26, 2023, 6:59pm

Hi,

using brave from snap 1.60.118, running Ubuntu 23.10, I ran into that problem:

I was browsing a local application under http://localhost:3000/, working well. Due to some misconfiguration/configuration test, the application was set to set a Strict-Transport-Security header, although never offering TLS. Since then, brave insists on using TLS, even on the URL http://localhost:3000/, refuses to talk plaintext HTTP, thus cannot connect to the application anymore.

I did not find any setting in the settings, to reset or cancel this.

Not even deleting the files in ~/snap/brave/current/ actually helped.

So the question is:

How would one cancel Strict-Transport-Security settings for a particular URL/site?

regards

system · December 26, 2023, 6:59pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How do I disable forced https when browsing non-secure websites? Desktop Support windows	9	15327	August 31, 2022
Did they removed the always use secure connection option? Browser Feedback browser	10	1102	July 4, 2023
Brave is not allowing me to access my secure server which is locked down both by SSL and IP access	10	1560	March 10, 2021
How to disable forced transfer from http to https? Desktop Support windows	5	12415	July 19, 2021
Disable HTTP support completely. Only ever use HTTPS Desktop Support windows	7	1521	November 23, 2023
Always redirecs http to https connection even when "Always use secure connections" is turned off Desktop Support bug , browser , macos	9	207	December 9, 2024
Brave keeps Redirecting http to https incessantly Web Compatibility windows , android	14	189	January 12, 2025
Possible to Enable TLS 1.0 -OR- Version That Does? Browser Support linux	1	3152	May 17, 2022

Caught in Strict-Transport-Security

Related topics