Reputation: 11242
In browser why facebook.com automatically call https://www.facebook.com even after deleting cache/history
In my /etc/hosts I have added an entry to point www.facebook.com to my local ip address. Now even after deleting complete cache/browser history, why typing www.facebook.com calling https://www.facebook.com ?
Upvotes: 0
Views: 87
Answers (1)
Reputation: 23975
This is due to HSTS.
As Troy Hunt explains:
This is Chrome saying “I’m not even going to issue that request, instead I’m going to change it to HTTPS then try again” which is what gives us the second request. This is key: Chrome has refused to issue the first request over the insecure HTTP protocol.
Note the similarity to what you are describing - it automatically changed http to https.
HSTS protects against man in the middle attacks. You pointing facebook.com at localhost, is basically a man in the middle attack.
https://www.google.com/search?q=disable+hsts shows how to disable it if necessary. Or https://null-byte.wonderhowto.com/how-to/bypass-facebooks-hsts-0169414/ may work to bypass it.
Upvotes: 1
Related Questions
- Facebook redirection after login
- Facebook : HTTPS is required for all Redirect URIs
- Why I can't see the old facebook likes on my website after I change the address from http to https?
- Why does 301 to HTTPS redirect show for my website, but for Facebook it doesn't
- Typing a URL http address in Firefox will auto redirect to HTTPS
- Facebook redirect to non secure version of page tab after login
- facebook apps redirect to hosting url in the first usage
- ssl for facebook https is not working
- Facebook is not redirecting to https when accessing tab URL
- Facebook App redirecting to https