Tags: google-chrome, https, hsts

How to disable Chrome HSTS permanently for a subdomain


I have following setup:

The application https://app.domain.de is our production environment and is automatically forwarded to use HTTPS. All works fine here. On top, there are several development versions of the application for our QA-Team accessible via http://develop.app.domain.de (no HTTPS needed here).

The problem begins here: As soon as I visit https://app.domain.de, Chrome (and I guess also other browsers) also forwards http://develop.app.domain.de (no HTTPS) to https://develop.app.domain.de (HTTPS). I can of course disable HSTS and clear the cache for this domain and http://develop.app.domain.de will work, but only until I visit https://app.domain.de again.

I cannot enable HTTPS for our development environments as you need to have at least a Hobby Plan in Heroku to do so and that would therefore be a waste of money for all our development and test environments of the application. I would also like to keep the url schema.

So my question is: how can I disable this nasty forwarding (HSTS) permanently?
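The behaviour described above is what RFC 6797 specifies when the production host's Strict-Transport-Security header carries the includeSubDomains directive: the browser then upgrades every subdomain, including develop.app.domain.de, until max-age expires. The following evaluator is an added example (not code from the question or from Chrome) that parses an HSTS header and reports which hosts it forces to HTTPS; the header value for app.domain.de is a constructed assumption, not one taken from the site.

```python
"""Evaluate an HSTS policy (RFC 6797) against hostnames."""
from dataclasses import dataclass


@dataclass
class HstsPolicy:
    host: str               # host that sent the header (lower-case)
    max_age: int            # seconds the browser remembers the policy
    include_subdomains: bool


def parse_hsts(host: str, header: str) -> HstsPolicy:
    """Parse a Strict-Transport-Security header value sent by `host`."""
    max_age = None
    include_subdomains = False
    for directive in header.split(";"):
        directive = directive.strip()
        if not directive:
            continue
        name, _, value = directive.partition("=")
        name = name.strip().lower()          # directive names are case-insensitive
        if name == "max-age":
            max_age = int(value.strip().strip('"'))
        elif name == "includesubdomains":
            include_subdomains = True
        # Other directives (e.g. preload) do not affect the upgrade decision.
    if max_age is None:
        raise ValueError("max-age is required in an HSTS header")
    return HstsPolicy(host.lower(), max_age, include_subdomains)


def forces_https(policy: HstsPolicy, target: str) -> bool:
    """Would a browser holding `policy` rewrite http://target to https://?"""
    target = target.lower()
    if policy.max_age == 0:
        return False                         # max-age=0 tells the browser to forget the host
    if target == policy.host:
        return True
    return policy.include_subdomains and target.endswith("." + policy.host)


if __name__ == "__main__":
    # Constructed header values assumed for https://app.domain.de.
    for header in ("max-age=31536000; includeSubDomains", "max-age=31536000"):
        policy = parse_hsts("app.domain.de", header)
        print(header, "->", "develop.app.domain.de forced to HTTPS:",
              forces_https(policy, "develop.app.domain.de"))
```

Because a browser keeps the entry for max-age seconds and refreshes it on every visit to the production site, the only durable fix on the server side is to serve the header without includeSubDomains (or with a scope that excludes the development hosts); clearing the browser's HSTS state is undone by the next visit.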


Solution

  • You can type thisisunsafe anywhere on the Google Chrome warning page and it will load it without warning. No joke.