Running Mac 10.11.6 El Capitan, latest-greatest of Chrome.
Working through Jump Start PHP Environment. Get to page 52, trying to go to homestead.app in Chrome results in a warning:
Your connection is not private
Attackers might be trying to steal your information from homestead.app…
There is no “Proceed anyways” button, and all of the solutions posted in other help sites do not appear to solve it (ie. going to chrome://net-internals/#hsts and inputting homestead.app in the Delete function at the bottom.)
Going directly to 192.168.10.10 in Chrome works fine - the index.php page loads up.
Using Safari works fine with both homestead.app and 192.168.10.10, so am assuming I’ve correctly added the redirect in Terminal.
I’ve been reading that Google is trying to force everyone to https come July 2018 - is this a preview of messes to come?
Any solutions to testing in our own local dev sandbox? Please and thanks.
Thanks. That did clear up the held cache (and note to Mac people, the command is command-option-i and only open the Dev Tools while on the offending page, of course).
However, I think the problem is - the newest version of Homestead on GitHub is mapped to homestead.test and not .app as in the book. When I opened the Homestead.yaml file, it listed:
sites:
- map: homestead.test
to: /home/vagrant/Code/Project/public
And when I changed the /etc/hosts file to:
192.168.10.10 homestead.test
it all worked.
SO, I suspect Chrome is doing its job in checking the requested homestead.app and the VM (or whatever) is returning homestead.test, which doesn’t match, thus triggering the security alert.
Maybe time to update the book? It is three years old now and possibly out-of-date. Note that I also wasn’t able to launch TextEdit via the Terminal to edit /etc/hosts and instead had to enter sudo nano /etc/hosts to edit directly in the Terminal. Not sure if should be the case or not.
And of course can’t get to the test.app portion of the exercise in Chrome, but everything is working as described in Safari. And no luck with the clear and hard reset - just keeps going back to https.
Long story short: .app is hard-coded to redirect to https in Chrome and Firefox (as will .dev and .foo, apparently)
Solution is to only use .test which appears to work just fine.
Sitepoint really needs to update this book and use .test for all examples including homestead.test and test.test. Because how long before Safari, Opera and all of the other browsers follow suit like Firefox did and none of the examples work anywhere?
Might also help to explain how to add a certificate (self-signed or otherwise) to our local VM so we could play with https as well.