Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Lolu chungechunge lwabekwa kunqolobane. Uyacelwa ubuze umbuzo omusha uma udinga usizo.

HTTP Strict Transport Security prevents me from accessing a server that I'm doing development on

  • 3 uphendule
  • 21 zinale nkinga
  • 1 view
  • Igcine ukuphendulwa ngu nmjbhoffmann

more options

I cannot access a clients site that I'm working on due to an HSTS error, I used to be able to bypass this with test.currentTimeOffsetSeconds, however it seems to not work anymore.

I use Firefox for development because it has better tools than any browser I've use in the past, however this is a real blocker for me, since the sites I'm working on don't have DNS names yet and can't get updated certificates till then.

I've also manually added an exception in the certificate options, though that also didn't work.

Please guys, I've always been pushing people to use Firefox, though if it starts limiting my options without any way to bypass it if I feel I need to do something, then I'll be forced to go hunting for a browser that gives me more freedom, not to mention this is costing me work hours.

I cannot access a clients site that I'm working on due to an HSTS error, I used to be able to bypass this with test.currentTimeOffsetSeconds, however it seems to not work anymore. I use Firefox for development because it has better tools than any browser I've use in the past, however this is a real blocker for me, since the sites I'm working on don't have DNS names yet and can't get updated certificates till then. I've also manually added an exception in the certificate options, though that also didn't work. Please guys, I've always been pushing people to use Firefox, though if it starts limiting my options without any way to bypass it if I feel I need to do something, then I'll be forced to go hunting for a browser that gives me more freedom, not to mention this is costing me work hours.

Isisombululo esikhethiwe

An exception should work. In order to be able to try re-adding the exception using the Advanced button / Add Exception button approach, you need to first remove the stored HSTS flag.

Open your current Firefox settings (AKA Firefox profile) folder using either

  • "3-bar" menu button > "?" button > Troubleshooting Information
  • (menu bar) Help > Troubleshooting Information
  • type or paste about:support in the address bar and press Enter

In the first table on the page, click the "Open Directory" (or similar) button. This should launch a new window listing various files and folders in your file browser.

Leaving that window open, switch back to Firefox and Exit/Quit, either:

  • "3-bar" menu button > "power" button
  • (menu bar) File > Exit / Quit

Pause while Firefox finishes its cleanup, then open SiteSecurityServiceState.txt in your preferred text editor and delete all lines for the hostname you need to access and save the file.

When you start Firefox again, on your first visit, Firefox normally ignores the HSTS status because it hasn't gotten past the handshake.

Funda le mpendulo ngokuhambisana nalesi sihloko 👍 5

All Replies (3)

more options

Isisombululo Esikhethiwe

An exception should work. In order to be able to try re-adding the exception using the Advanced button / Add Exception button approach, you need to first remove the stored HSTS flag.

Open your current Firefox settings (AKA Firefox profile) folder using either

  • "3-bar" menu button > "?" button > Troubleshooting Information
  • (menu bar) Help > Troubleshooting Information
  • type or paste about:support in the address bar and press Enter

In the first table on the page, click the "Open Directory" (or similar) button. This should launch a new window listing various files and folders in your file browser.

Leaving that window open, switch back to Firefox and Exit/Quit, either:

  • "3-bar" menu button > "power" button
  • (menu bar) File > Exit / Quit

Pause while Firefox finishes its cleanup, then open SiteSecurityServiceState.txt in your preferred text editor and delete all lines for the hostname you need to access and save the file.

When you start Firefox again, on your first visit, Firefox normally ignores the HSTS status because it hasn't gotten past the handshake.

more options

Or maybe you're saying it's a clock problem, not a certificate problem. Could you copy/paste the actual error message?

more options

Thanks man, you're a life saver.

Deleting the entry in SiteSecurityServiceState.txt worked like a charm.