HTTP Strict Transport Security prevents me from accessing a server that I'm doing development on
I cannot access a clients site that I'm working on due to an HSTS error, I used to be able to bypass this with test.currentTimeOffsetSeconds, however it seems to not work anymore.
I use Firefox for development because it has better tools than any browser I've use in the past, however this is a real blocker for me, since the sites I'm working on don't have DNS names yet and can't get updated certificates till then.
I've also manually added an exception in the certificate options, though that also didn't work.
Please guys, I've always been pushing people to use Firefox, though if it starts limiting my options without any way to bypass it if I feel I need to do something, then I'll be forced to go hunting for a browser that gives me more freedom, not to mention this is costing me work hours.
Chosen solution
An exception should work. In order to be able to try re-adding the exception using the Advanced button / Add Exception button approach, you need to first remove the stored HSTS flag.
Open your current Firefox settings (AKA Firefox profile) folder using either
- "3-bar" menu button > "?" button > Troubleshooting Information
- (menu bar) Help > Troubleshooting Information
- type or paste about:support in the address bar and press Enter
In the first table on the page, click the "Open Directory" (or similar) button. This should launch a new window listing various files and folders in your file browser.
Leaving that window open, switch back to Firefox and Exit/Quit, either:
- "3-bar" menu button > "power" button
- (menu bar) File > Exit / Quit
Pause while Firefox finishes its cleanup, then open SiteSecurityServiceState.txt in your preferred text editor and delete all lines for the hostname you need to access and save the file.
When you start Firefox again, on your first visit, Firefox normally ignores the HSTS status because it hasn't gotten past the handshake.
Read this answer in context 👍 5All Replies (3)
Chosen Solution
An exception should work. In order to be able to try re-adding the exception using the Advanced button / Add Exception button approach, you need to first remove the stored HSTS flag.
Open your current Firefox settings (AKA Firefox profile) folder using either
- "3-bar" menu button > "?" button > Troubleshooting Information
- (menu bar) Help > Troubleshooting Information
- type or paste about:support in the address bar and press Enter
In the first table on the page, click the "Open Directory" (or similar) button. This should launch a new window listing various files and folders in your file browser.
Leaving that window open, switch back to Firefox and Exit/Quit, either:
- "3-bar" menu button > "power" button
- (menu bar) File > Exit / Quit
Pause while Firefox finishes its cleanup, then open SiteSecurityServiceState.txt in your preferred text editor and delete all lines for the hostname you need to access and save the file.
When you start Firefox again, on your first visit, Firefox normally ignores the HSTS status because it hasn't gotten past the handshake.
Or maybe you're saying it's a clock problem, not a certificate problem. Could you copy/paste the actual error message?
Thanks man, you're a life saver.
Deleting the entry in SiteSecurityServiceState.txt worked like a charm.