You are here: Home » NewsFeeds » Chrome to force .dev domains to HTTPS via preloaded HSTS

Chrome to force .dev domains to HTTPS via preloaded HSTS

Mattias Geniar, Sunday, September 17, 2017

tl;dr: one of the next versions of Chrome is going to force all domains ending on .dev (and .foo) to be redirected to HTTPs via a preloaded HTTP Strict Transport Security (HSTS) header.
This very interesting commit just landed in Chromium:
Preload HSTS for the .dev gTLD.
This adds the following line to Chromium’s preload lists;
{ “name”: “dev”, “include_subdomains”: true, “mode”: “force-https” },{ “name”: “foo”, “include_subdomains”: true, “mode”: “force-https” },
It forces any domain on the .dev gTLD to be HTTPs.

Yes, unfortunately.
It’s been bought by Google as one of their 100+ new gTLDs. What do they use it for? No clue. But it’s going to cause a fair bit of confusion and pain to webdevelopers.
The .dev gTLD has nameservers and is basically like any other TLD out there, we as developers just happen to have chosen that name as a good placeholder for local development, too, overwriting the public


 

Original article