Stop Safari from Forcing HTTPS on Localhost

At my previous job, we ran one of our frontend services through an HTTPS proxy to ensure our development environment was as close to production as possible (cookie policies, content security warnings, etc). We also used an HSTS policy to direct browsers to only use the HTTPS version of our site. Unfortunately, when Safari picks up on this, it insists on redirecting all localhost requests to HTTPS.

Ideally, Safari would ignore those directives for special domains such as “localhost” or take the port number into account, but until it does, you can reset the HSTS settings by running these lines in Terminal:

sudo killall nsurlstoraged
rm -f ~/Library/Cookies/HSTS.plist
sudo launchctl start

Note that this shortcut will reset the HSTS settings for all websites. If you’re using a lot of open networks, where people could monitor your traffic, feel free to edit the file manually.