ChromeIPass fails to connect on HTTP when localhost HSTS is imposed by chrome

[IainStevenson]

I am a developer of secure web services and use KeepPass for personal and professional work.

Chrome is my browser of choice and certain development solutions impose HTTPS redirects in testing on my local machine.

Browser navidation to addresses like http://localhost:44347 are redirected IN the browser to https://localhost:44347 automatically by chrome once it detects the first site HSTS imposed redirect.

The problem is that chrome then does that for ALL ports on the local machine.

This is a behaviour I cannot switch off.

When this occurs it disables ChromeIPass from accessing KeePass via KeePassHttp.

Currently the only solution I know of is to go to the Chrome HSTS management page at:

chrome://net-internals/#hsts

Scroll down to the last entry type in localhost and click delete. then things start working.

Its not possible to take out the site redirect instructions due to team development constraints.

My preferred solution is for KeePassHttp to provide an Https communications port using a localhost certificate I nominate on my machine. Such localhost certificates are already available in development environments.

[milux]

I experienced the same issue a while ago... Cost me 2 hours to find the reason for the problem. Had to clear the HSTS status in Chrome via chrome://net-internals/#hsts to make it work again...