Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: Why the need for FF and Chrome to hijack dev domains?

  1. #1
    Join Date
    Sep 2014
    Beans
    79

    Angry Why the need for FF and Chrome to hijack dev domains?

    For years I have used a setup on my development machines where http://dev is an index that links me up to all of the projects I'm working on, and common stuff like phpinfo.

    I'm sure you're aware, but now you can't use dev domains without a security certificate, as Firefox and Chrome will force these domains to have a TLS/SSL connection.

    So, I just switched to http://dv. I'm not losing sleep over it, but everytime I see it I am very annoyed. Why would Firefox and Chrome expect my local dev machine to have a real security certificate. A self signed on isn't good enough, and I can't bypass it in any way. I can't even set up an Apache redirect in virtualhost. I can't figure out how to bypass this in Firefox config or anything. I feel like they hijacked my domain and for no good reason.

  2. #2
    Join Date
    Mar 2010
    Location
    Squidbilly-Land
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: Why the need for FF and Chrome to hijack dev domains?

    Let's Encrypt - https://letsencrypt.org/ is the normal answer.

    But I agree, if what you are saying it true. Browsers are trying to be security for the non-technical users out of the box, while still allowing really insecure things like javascript.

  3. #3
    Join Date
    Oct 2005
    Location
    Connecticut, USA
    Beans
    1,559
    Distro
    Ubuntu

    Re: Why the need for FF and Chrome to hijack dev domains?

    Yikes!

    I wonder what this will mean for the Xampp (from Apachefriends) web servers! Either they will need to run https or Firefox and Chrome will need to be able to determine local servers to bypass or skip this requirement.

    I could be wrong, too. Maybe Xampp already has https set up.
    Friends don't let friends wear a red shirt on landing-party duty.
    DACS | Connecticut LoCo Team | My Blog
    Ubuntu User# : 17583, Linux User# : 477531

  4. #4
    Join Date
    Mar 2010
    Location
    Squidbilly-Land
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: Why the need for FF and Chrome to hijack dev domains?

    https://support.mozilla.org/en-US/questions/1027355 seems related.
    Google is pushing hard for all web traffic to be encrypted. They know best, right? NOT!

  5. #5
    Join Date
    Sep 2014
    Beans
    79

    Re: Why the need for FF and Chrome to hijack dev domains?

    Let's Encrypt might be the "normal answer", but try applying that to a domain like "https://dev". As far as I know, you can't do it because of the domain validation that Let's Encrypt requires. So then you might think that you can use a self signed cert, but that's not good enough for Chrome or Firefox.

  6. #6
    Join Date
    Jun 2016
    Beans
    2,286
    Distro
    Xubuntu 20.04 Focal Fossa

    Re: Why the need for FF and Chrome to hijack dev domains?

    Does it work to create your own authority certificate with openssl and use it to sign a certificate for your local dev domain?
    Xubuntu 20.04/Pop!_OS 21.04/System76 hardware ♦ Debian 10/Xubuntu/VirtualBox
    If your questions are resolved to your satisfaction, please use Thread Tools > "Mark this thread as solved..."

  7. #7
    Join Date
    Sep 2014
    Beans
    79

    Re: Why the need for FF and Chrome to hijack dev domains?

    Quote Originally Posted by halogen2 View Post
    Does it work to create your own authority certificate with openssl and use it to sign a certificate for your local dev domain?
    Nope. I just went through the whole process, and it does not work. Same error regarding self signed certs.

  8. #8
    Join Date
    Jul 2006
    Location
    Here
    Beans
    11,189

    Re: Why the need for FF and Chrome to hijack dev domains?

    what about a hosts file redirect?
    like:
    192.168.0.1 http://dev

    that's an example, don't do if your router is there, unless you don't need to access your router.
    Last edited by kerry_s; April 14th, 2018 at 03:37 AM.

  9. #9
    Join Date
    Sep 2014
    Beans
    79

    Re: Why the need for FF and Chrome to hijack dev domains?

    Quote Originally Posted by kerry_s View Post
    what about a hosts file redirect?
    like:
    192.168.0.1 http://dev

    that's an example, don't do if your router is there, unless you don't need to access your router.
    There's no sane way around this. They've decided that any domain that ends in "dev", even if it's not a dot dev (.dev) domain, must have a valid security certificate that's not self signed. You can't bypass this, or allow an exception like you normally can for any other website/domain.
    Last edited by Gottier; April 14th, 2018 at 04:06 AM.

  10. #10
    Join Date
    Jul 2006
    Location
    Here
    Beans
    11,189

    Re: Why the need for FF and Chrome to hijack dev domains?

    lol
    where there's a will there's a way
    just haven't found it yet

Page 1 of 2 12 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •