Google Chrome 63 Forcing .dev Domains to HTTPS

12th Dec, 2017 | Environments | Read Time: 1 min

After returning from a week's vacation, I opened up Chrome today only to find none of my local websites worked.


After spending a couple hours clearing my DNS caches, checking my dev environment settings and adjusting browser settings, I finally noticed in the address bar that HTTPS was being forced? After conducting a search as to why, I discovered Chrome (which updated on my machine this morning) is now forcing the .dev domain to use HTTPS via a preloaded HTTP Strict Transport Security (HSTS) header. It seems Google has purchased 101 Generic Top Level Domains (gTLDs), and .dev is one of them. Why are they suddenly forcing HTTPS? No one seems to know yet.

Many developers (myself included) have been using the .dev domain for their local development environments. I wish I had seen this article from 2 years ago that advocates against using .dev. Now developers will have to choose between spending the time changing all their local working copies to a new domain or simply switch browsers. I predict, however, that all browsers will eventually do the same thing, so switching browsers is probably just a short-term solution. The question then is, what domain should be used instead?

Some have suggested using the .test reserved TLD. But I have worked for companies that use .test for their QA testing environments. This would not be a viable solution for everyone.

Others have suggested .localhost. But this can also cause issues since some browsers force loopbacks. There is a proposal to make this the new standard, but it is still only just a proposal... by none other than a Google employee.

I have decided I'm going to switch back to the former industry standard, which was .local. I used to use this until .dev became the preferred method. You know the old saying... "don't fix what ain't broke".


Leave a comment