I have following setup:
The application https://app.domain.de
is our production environment and is automatically forwarded to use HTTPS. All works fine here. On top, there are several development versions of the application for our QA-Team accessible via http://develop.app.domain.de
(no HTTPS needed here).
The problem begins here: As soon as I visit https://app.domain.de
Chrome (and I guess also other browers) forwards http://develop.app.domain.de
(no HTTPS) also to https://develop.app.domain.de
(HTTPS). I can of course disable HSTS and clear the cache for this domain and http://develop.app.domain.de
will work again, but only until I visit https://app.domain.de
again.
I cannot enable HTTPS for our development environments as you need to have at least a Hobby Plan in Heroku to do so and that would therefore a waste of money for all our development and test versions of the application. I would also like to keep the url schema.
So my questions is how can I disable this nasty forwarding (HSTS) permanently?
You can type thisisunsafe
anywhere on the Google Chrome warning page and it will load it without warning. No joke.