http – How to prevent Safari 18 from forcing HSTS policy for subdomains for development purposes? – Ask Different


I have a variety of sites under development staged using subdomains of a single domain (e.g., this.example.com, that.example.com, etc.). Some implement SSL; some don’t. This is fine – they’re all works in progress not accessible outside my LAN.

The problem is that Safari remembers its HSTS policy for an entire domain, not per subdomain. Once it loads https://this.example.com, it refuses not only to load http://thissub.example.com, but also http://that.example.com. Removing the local data for the parent domain under “Safari > Settings > Privacy > Manage Website Data” works until various changes between http and https are remembered, at which point it once against rejects all http connections.

The constant nannying means it’s not feasible to analyze the developing sites using Safari, which is particularly annoying since that’s the target browser for all of them. Older suggestions (e.g., delete ~/Library/Cookies/HSTS.plist) aren’t applicable to Safari 18. Is there some way to force it to stop mothering me?

Latest articles

spot_imgspot_img

Related articles

Leave a reply

Please enter your comment!
Please enter your name here

spot_imgspot_img