A self-signed cert on the locaal development server gives you a lot of errors in the Console, like:
Strict-Transport-Security: The connection to the site is untrustworthy, so the specified header was ignored.
I tried to disable HSTS according to the docs with hsts_max_age: 0
, but that doesn’t seem to work? Still shows the same errors after reprovisioning.
Or maybe the SSL config just isn’t updated when you reprovision with added hsts_max_age: 0
?
I tried hsts_max_age: 0
but the security errors remain (in Firefox console that is). HSTS doesn’t make much sense with a self-signed cert, does it? Maybe it would be better to completely disable HSTS for self-signed?
Did you get anywhere with this? I’m getting dozens of these warnings filling up my console every time I reload the page on my development environment. I can filter them out, but I’m not satisfied. I’ve set hsts_max_age: 0
and my provider: self-signed
.
No. I turned off the warnings in the console. As I said, I guess HSTS should be completely disabled for self-signed. I’ll try to figure it out, when I have some time.