Why .dev domains automatically redirect to HTTPS?
If you’re a web developer developing in local environment you most probably use .dev for projects you are working on. If you’re using Valet on Mac development is quite simple since every folder from your projects folder is instantly accessible in browser if you just enter folder name and add .dev. It works like magic without messing with any hosts files. It just works!
But then Google decided to complicate things a bit. First they have forced all .dev domains to use SSL. Since December 2017 Google Chrome version 63 started redirecting to all .dev domains to secure protocol replacing http:// with https:// in your urls without even asking you. The reason for that is maybe somehow related to fact that Google bought the .dev making it a legit gTLD. They don’t sell these (yet) and the use for this, and for more than 100 other gTLD Google now owns (including .app, .foo), is unknown but for sure it’s going to complicate lives of web developers.
Back to Chrome: this force-SSL feature can’t be turned off in Chrome settings (at least I was unable to find it) so you’ll have to install a self signed SSL so you can continue your work without these annoying SSL warnings. Installing SSL is super simple if you’re using Valet. All you need to do is just execute:
valet secure myproject
and it will automatically install SSL for that project and you can use it instantly in browser loading https://myproject.dev. Again Valet works like magic!
Also now with .dev being an official gTLD, it’s probably smart to change your preferred local development domain from .dev to something else like .test. Why .test? Well it’s much shorter than .localhost, it’s not owned by Google like (.dev or .app) and it’s reserved name by IETF for testing or development purposes to “reduce the likelihood of conflict and confusion”. Other reserved by IETF are .example, .invalid or .localhost and these are way too long for my taste and for often typing.
Replacing .dev with .test in Valet is also very simple. Valet to the rescue!
valet domain test
Now you can load https://myproject.test in your browser.
But what if you (for some reason) don’t want to use SSL. One of the projects I’m I am working on has many of the statics (images, css etc) loaded on CDN that doesn’t support SSL and when I work in local environment I get mixed content errors or simply these don’t load and site looks like mess. I have tried many different gTLDs including .dddd but for every one of them I guess that Chrome somehow figured that these are loaded from localhost and have instantly switched to secure channel. The only solution was to use a different browser like Safari (since Firefox also did pretty much the same thing). Since I got used to Chrome’s debugger I’d like to use a Chrome for this project without SSL. If someone knows how to disable this forcing of SSL on localhost please leave your solution in comments. Thank you!