Installed some updates on Ubuntu and now Chrome is prefixing all of my local development sites with https. I haven't got any certificates installed so Apache is refusing to connect and I'm getting this error message:
This site can’t be reached
xyz.dev refused to connect.
Try:
Checking the connection
Checking the proxy and the firewall
ERR_CONNECTION_REFUSED
I'm using Chrome 63.0.3239.84 on Ubuntu 16.04
The sites work in Firefox 57.0.1 so its a Chrome specific thing.
How do I switch this off in Chrome?
You can’t switch it off. Google has bought the .dev TLD, so now they think they can do what they think is best with it.
https://ma.ttias.be/chrome-force-dev-domains-https-via-preloaded-hsts has more info on the whole issue.
Switch to another extension for local development (I usually prefer .local - hope they don’t get their grubby little fingers on that one at some point, too, LOL), or install at least a self-signed certificate in your Apache.
Related
Since chrome update version 99.0.4844.84 I am unable to load http (unsecure) resources from localhost.
This setting chrome://flags/#allow-insecure-localhost DOES NOT WORK
I have uninstalled chrome and reinstalled it yet issue persists.
Firefox does allow insecure content from local host so I can continue to use this for dev.
Generating a SSL certificate for localhost is not a viable option.
Has anyone else experienced this issue and been able to implement a fix?
I am developing a webpage that uses camera. When I test in Chrome in my local network, camera doesn't work and I get warning in the console:
getUserMedia() no longer works on insecure origins. To use this feature, you should consider switching your application to a secure origin, such as HTTPS. See link for more details.
In the link provided there is an instruction to set some flags in Chrome. So I tried. My command looks like this:
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --unsafely-treat-insecure-origin-as-secure="192.168.0.15" --user-data-dir=c:\chrome-dev-profile
But when I run Chrome I get this message:
You are using an unsupported command-line flag: --unsafely-treat-insecure-origin-as-secure. Stability and security will suffer.
What am I doing wrong?
Is there another way I can test in local network without setting up https server? I need this just for development.
Luka,
I've run into this bug just yesterday. I have not found out how to get Chrome to honor that flag on the command line yet. But I did find a workaround that works for my case.
I'm running my web services on a Linux machine that is running an ssh server. I'm testing on windows with chrome, and used putty to connect to the linux box from windows and then created a "local port forward" to make my remote linux box's ipaddress:port appear on localhost:port on windows. Depending on your platform this workaround may work for you. This approach isn't too cumbersome if you only have a few ports to forward.
In my particular case my setting for putty looked like
L8080 localhost:8080
To see more about port forwarding and ssh see: https://help.ubuntu.com/community/SSH/OpenSSH/PortForwarding
After upgrading to Windows 10, I am receiving the ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY in Google Chrome (Firefox 39 just doesn't load the page) when I attempt to access my machine over HTTPS. I have a GoDaddy signed certificate for my computer.
I've attempted disabling most of my encryption ciphers per https://http2.github.io/http2-spec/#BadCipherSuites.
I've gone so far that I've disabled ciphers that are keeping me from RDPing to my desktop...and it still gives me an error!
Any guidance is appreciated.
Apparently you are not the only one having this issue: Disabling HTTP/2 / SPDY in HTTP.SYS and IIS in Windows 10
According to the error message this is a SPDY issue, so the certificate and the cipher suites are not the cause.
SPDY is a protocol allowing multiplexing HTTPS requests but it will be replaced by HTTP/2. As a temporary fix, you can apparently disable its support in you browser/registry/server.
I ran into this same issue after my win 10 dev machine got updated twice recently (the updates took around 35-40 minutes to deploy each time) and after this i was not able to run my Visual studio 2015 web applications over Https on Chrome but was able to run on IE
I tried out the registry method for disabling Http 2 as mentioned
here, but this did not worked for me
Then I came across the following solution: I downloaded IIS Crypto and
selected "Cipher Suites" option and clicked Best Practices button, and applied
it, My problem was gone and i can now run my web app over Https in Chrome just like before
Uncheck "Enable SSl" in your project properties under the Debug tab
I solved a similar problem by removing the parameter "Strict´Transport-Security" with value "max-age = 31536000; includeSubDomains; preload" from "HTTP Response Headers"
I develop a few webpages on my local computer. My setup is one virtual server in nginx for each site and then an entry in /etc/hosts for each site pointing an domain name to 127.0.0.1.
However I switched computer to a chromebook and can't keep this way of working anymore.
I use nginx in a crouton created debian chroot and it works fine. However chrome os won't let me edit /etc/hosts. I still reach my nginx with 127.0.0.1 but I can't reach any of my virtual servers anymore.
What's your solution to this problem? (I know that I can force edit /etc/hosts on chrome os if I disable automatic updates, I would wish to avoid this.)
You can try a google chrome extension like this one to override dns settings: https://chrome.google.com/webstore/detail/dns-overrider/acmhaiiijfheggcaanjlgpampclpbnoh/
I've got a web site that uses SSL Client certificate authorization.
All client certificates are generated using OpenSSL and are self-signed. Everything worked with all web-browsers, but the recommended one was Google Chrome, because it uses same SSL warehouse as IE, so certificate installation was pretty easy (click-click-password-done!).
After last update of Google "Chrome 29.0.1547.57 m", noone can access my web-server, even me.
Google chrome error only! IE and FF working fine.
Error is: ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED.
Same in server error log.
Do you have any suggestions?
The problem is that most part of clients are non familiar with PC's and they got very frightened about that situation. So phone support guys are under the wave of calls.
We are experiencing the same problem. As Sean has reported, it seems that Chrome on Windows XP
negotiates TLSv1.2 even though the operating system does not support SHA-2 (say, SHA-256 or SHA-384)
hash function.
We found that Chrome fails when it receives "client certificate request" following SERVER HELLO.
SERVER HELLO itself negotiates RC4-SHA1 (in our environment) which should succeeds. The problematic
packet seems the "client certificate request" that includes SHA-2 (as well as SHA1) functions for hashes.
Invoking Chrome with "--enable-logging --log-level=0" outputs the following message:
ERROR:nss_ssl_util.cc(193)] ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED: NSS error -12222, OS error -2146893816
This is an Operating system error corresponding "NTE_BAD_ALGID" for CryptSignHash function:
http://msdn.microsoft.com/en-us/library/windows/desktop/aa380280(v=vs.85).aspx
Disabling TLSv1.2 on the server should fix the problem. But I think Chrome should prefer SHA1 on Windows XP.
I'm experiencing the same thing here with Windows7 client systems unable to authenticate with client certificates against some of our systems, but not others. The affected servers are running Apache Tomcat while the unaffected are running IIS7, though I'm hesitant to identify that difference as the culprit.
Anyone else seeing this?
EDIT:
I'm able to eliminate the problem by disabling TLSv1.2 on the server. Is anyone else able to replicate this experience?
I would also be interested to know whether anyone else is seeing this on anything but the Windows platform, as it's the only place it's happening here (same version OSX has no issues).
EDIT2:
Chrome Bug Report here: https://code.google.com/p/chromium/issues/detail?id=278370
EDIT3:
Should be working again in latest Chrome stable. Chrome 30 will have a more robust fix, but 29.x should also work now.
I recently had a similar issue in Chrome on Mac OS. It worked fine with Firefox, but started failing in Chrome and Safari after changing my corporate (AD) credentials -- I guess the issue was a mismatch between system creds and the keychain creds.
The solution for me was a reset of the private key(s) access permissions in the Keychain Access app.
To do the reset:
In Keychain Access app right-click each private key that fails and select "Get Info".
Go to "Access Control" tab and set "Allow all applications to access this item" -- click on that option even if it's already set. Then click Save Changes.
Refresh the website that fails and you should be prompted to enter keychain password -- enter it and select Allow Always.
It is combination of Win XP and Google Chrome 29.0.1547.57 m
On Win 7/8 this problem doesn't occur.
You could install older working version 28.0.1500.95
http://www.filehippo.com/download_google_chrome/15657/
But settings for disabling updating are not so easy.
http://dev.chromium.org/administrators/turning-off-auto-updates
The problem is caused by Chrome running TLSv1.2 on Windows XP.
This can be disabled on the server side but also on the client side.
To run Chrome with a lower version of TLS, start it with the command-line option --ssl-version-max=tls1.1
I had this problem Connecting Chrome with WebSockets to apache throw proxy_wstunnel_module.
My solution was configuring httpd.conf
ProxyPass /wss2/ ws://127.0.0.1:8080/ retry=0 keepalive=On
ProxyPassReverse /wss2/ ws://127.0.0.1:8080/ retry=0
<Location /wss2/>
SSLRequireSSL On
SSLVerifyClient none
SSLVerifyDepth 1
SSLOptions +StdEnvVars +StrictRequire
SSLRenegBufferSize 10486000
</Location>
Chrome WebSockets does not like the parameter SSLVerifyClient optional
I hope this helps.