Disable HSTS for self-signed?


#1

A self-signed cert on the locaal development server gives you a lot of errors in the Console, like:
Strict-Transport-Security: The connection to the site is untrustworthy, so the specified header was ignored.
I tried to disable HSTS according to the docs with hsts_max_age: 0, but that doesn’t seem to work? Still shows the same errors after reprovisioning.


#2

Or maybe the SSL config just isn’t updated when you reprovision with added hsts_max_age: 0?


#3

I tried hsts_max_age: 0 but the security errors remain (in Firefox console that is). HSTS doesn’t make much sense with a self-signed cert, does it? Maybe it would be better to completely disable HSTS for self-signed?