funny how it seems like exactly the websites that turn on HSTS are also the ones that tend to have their certs expire
-
-
Replying to @tehjh @scarybeasts
I used to know chrome's HSTS cheat code by heart because of a certain website...
1 reply 0 retweets 0 likes -
Replying to @tehjh
Does it still work? I tried it but no luck and some references suggest a command line flag is needed; I'm too invested in my current tabs to restart :)
2 replies 0 retweets 1 like -
Replying to @scarybeasts @tehjh
It changed in late 2017 and I base64d it to make it harder.
2 replies 0 retweets 0 likes -
Restart with --disable-web-security
1 reply 0 retweets 2 likes -
I hear --no-sandbox is also required.
1 reply 0 retweets 2 likes -
WARNING TO ANY NORMALS WHO MAY HAPPEN BY: this ispic.twitter.com/mwfTKCg37q
2 replies 0 retweets 3 likes -
Yeah maybe just --disable-dev then.
1 reply 0 retweets 1 like -
Eric's just hating on our thought leadering
1 reply 0 retweets 5 likes -
It's too late to put the genie back in the bottle now. strings /opt/google/chrome/chrome | grep unsafe unsafely-treat-insecure-origin-as-secure enable-unsafe-webgpu allow_unsafe_function_constructor ERIC WHAT HAVE YOU DONE
1 reply 0 retweets 3 likes
tip: if the browser sends or reacts to headers and there is no config option to tell it to stop, `sed` is your friend for changing the header name in the browser binary. but annoyingly http://defuse.ca is on the hsts preload list, so that won't work...
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.