Chrome forces HTTPS on all .dev domains

If you're anything like me your development workflow involves spinning up VMs using Vagrant or some other workflow automation process. (shoutout to geerlingguy and the DrupalVM project!) I've been creating this Development machines for projects for years now using projectname.dev as my local dev path. Well, turns out that ".dev" is now a valid TLD. A recent update to Google Chrome (Chrome 63) has pushed an update where all .dev TLDs are set to force_https. Interestingly, reading through the release notes, there is no mention of this change. Although the comments on the release notes contain several messages from developers who lost access to their local dev environments.

You can verify this behaviour yourself, in chrome navigate to: chrome://net-internals/#hsts and put any of your ".dev" domains into Query HSTS/PKP domain and you'll see "static_upgrade_mode: FORCE_HTTPS".

I'm not about to generate TLS certs for all my test sites. So I just finished renaming a handful of config files to use .test instead of .dev. Hopefully this helps save a few of you a headache troubleshooting your VMs and why you can no longer access them in Chrome. As a side note other browsers like Firefox do not seem to be affected.