About 3 months ago, I added https://hstspreload.appspot.com/ to the HSTS Preload list, but I want to remove it from the list because some subdomains no longer have access from Chrome.
(Non-Chrome browsers are fine)
The following warning appears:
[My Subdomain] .com is currently inaccessible because HSTS is used.Typically, network errors or unauthorized operations are temporary.You may be able to access the page again after a short period of time.
The method I've just tried is
max-age
in the Strict-Transport-Security header on the site sideand so on, but none of them improved.
The environment is Windows 7 Home Premium SP1, Chrome 42, and other PCs in the same network have similar symptoms.
I thought it might be because it was in Chromium's transport_security_state_static.json, but I didn't know how to get it removed from this list.
This is not a programming question, but I appreciate your cooperation.
I also asked Chrome's help forum and found out that the source of Chrome needs to be changed.
https://productforums.google.com/d/msg/chrome-ja/hEx02Yg5MjA/oI_6FR-5-XcJ
I created an issue for the Chromium project, and they said it would take 6 weeks for Chrome to be released in beta, and 6 weeks for it to be more stable, at least 12 weeks, so I'll wait and see.
It seems that the issue of Chrome has been approved and will be applied from the next Chrome update.
In transport_security_state_static.json, I applied that include_subdomains
should be false
but it should be true
direction.
The issue of Chrome has finally been applied in the recent Chrome update.
It took about 4 months, but now the problem is solved.
Thank you for your reply.
Below https://hstspreload.appspot.com/ it says that you are also accepting applications for deletion
You can request to be removed,
I haven't tried it myself, but how about applying for a domain name on the same form as when I registered?
However, as long as you read the entire paragraph containing the sentence, it seems that the deletion is not completely possible.
Be aware that include in the preload list cannot really be done.You can request to be removed, but it will take months for the deleted entry to reach users with a Chrome update and we cannot make guarantees about other browser vendors. Don't request include for you. Thank you.
Therefore, you may want to consider the option of HTTPSing the subdomain in question.
© 2024 OneMinuteCode. All rights reserved.