Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Rohkem teavet

HTTP Strict Transport Security prevents me from accessing a server that I'm doing development on

  • 3 vastust
  • 21 on selline probleem
  • 733 views
  • Viimati vastas nmjbhoffmann

more options

I cannot access a clients site that I'm working on due to an HSTS error, I used to be able to bypass this with test.currentTimeOffsetSeconds, however it seems to not work anymore.

I use Firefox for development because it has better tools than any browser I've use in the past, however this is a real blocker for me, since the sites I'm working on don't have DNS names yet and can't get updated certificates till then.

I've also manually added an exception in the certificate options, though that also didn't work.

Please guys, I've always been pushing people to use Firefox, though if it starts limiting my options without any way to bypass it if I feel I need to do something, then I'll be forced to go hunting for a browser that gives me more freedom, not to mention this is costing me work hours.

I cannot access a clients site that I'm working on due to an HSTS error, I used to be able to bypass this with test.currentTimeOffsetSeconds, however it seems to not work anymore. I use Firefox for development because it has better tools than any browser I've use in the past, however this is a real blocker for me, since the sites I'm working on don't have DNS names yet and can't get updated certificates till then. I've also manually added an exception in the certificate options, though that also didn't work. Please guys, I've always been pushing people to use Firefox, though if it starts limiting my options without any way to bypass it if I feel I need to do something, then I'll be forced to go hunting for a browser that gives me more freedom, not to mention this is costing me work hours.

Valitud lahendus

An exception should work. In order to be able to try re-adding the exception using the Advanced button / Add Exception button approach, you need to first remove the stored HSTS flag.

Open your current Firefox settings (AKA Firefox profile) folder using either

  • "3-bar" menu button > "?" button > Troubleshooting Information
  • (menu bar) Help > Troubleshooting Information
  • type or paste about:support in the address bar and press Enter

In the first table on the page, click the "Open Directory" (or similar) button. This should launch a new window listing various files and folders in your file browser.

Leaving that window open, switch back to Firefox and Exit/Quit, either:

  • "3-bar" menu button > "power" button
  • (menu bar) File > Exit / Quit

Pause while Firefox finishes its cleanup, then open SiteSecurityServiceState.txt in your preferred text editor and delete all lines for the hostname you need to access and save the file.

When you start Firefox again, on your first visit, Firefox normally ignores the HSTS status because it hasn't gotten past the handshake.

Loe vastust kontekstis 👍 5

All Replies (3)

more options

Valitud lahendus

An exception should work. In order to be able to try re-adding the exception using the Advanced button / Add Exception button approach, you need to first remove the stored HSTS flag.

Open your current Firefox settings (AKA Firefox profile) folder using either

  • "3-bar" menu button > "?" button > Troubleshooting Information
  • (menu bar) Help > Troubleshooting Information
  • type or paste about:support in the address bar and press Enter

In the first table on the page, click the "Open Directory" (or similar) button. This should launch a new window listing various files and folders in your file browser.

Leaving that window open, switch back to Firefox and Exit/Quit, either:

  • "3-bar" menu button > "power" button
  • (menu bar) File > Exit / Quit

Pause while Firefox finishes its cleanup, then open SiteSecurityServiceState.txt in your preferred text editor and delete all lines for the hostname you need to access and save the file.

When you start Firefox again, on your first visit, Firefox normally ignores the HSTS status because it hasn't gotten past the handshake.

more options

Or maybe you're saying it's a clock problem, not a certificate problem. Could you copy/paste the actual error message?

more options

Thanks man, you're a life saver.

Deleting the entry in SiteSecurityServiceState.txt worked like a charm.