Resolving HSTS while using Google Auth with Microsoft Edge
Environment
| Product | Version |
|---|---|
| Fiddler Everywhere | 1.0.0 and above |
| Microsoft Edge | all versions |
Description
Fiddler Everywhere lets you sign in with a unique Fiddler account or with Google authentication. If you use the Google authentication option while Microsoft Edge is set as the default OS browser, the callback may fail silently and Fiddler Everywhere never finishes authenticating the user.
This is due to a Microsoft Edge default setting that automatically redirects localhost HTTP traffic to HTTPS. This behavior is known as HSTS (HTTP Strict Transport Security) and has a detrimental effect on the authentication flow of Fiddler Everywhere.
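Why the callback fails without any visible error, as an added example (not Fiddler Everywhere's code): a plain-HTTP loopback listener stands in for the sign-in callback endpoint and is contacted once over HTTP and once with the TLS handshake a browser sends after upgrading the URL to HTTPS. The `/callback` path, the `code` parameter and the ephemeral port are assumptions made for the illustration.

```python
import http.client, http.server, socket, ssl, threading

received = []  # callback paths the listener actually processed

class CallbackHandler(http.server.BaseHTTPRequestHandler):
    timeout = 1  # give up on connections that never send an HTTP request line

    def do_GET(self):
        received.append(self.path)
        self.send_response(200)
        self.end_headers()
        self.wfile.write(b"signed in")

    def log_message(self, *args):  # silence per-request logging
        pass

def start_listener():
    """Plain-HTTP loopback listener on an ephemeral port (stand-in endpoint)."""
    srv = http.server.ThreadingHTTPServer(("127.0.0.1", 0), CallbackHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

def callback_over_http(port):
    """What the browser sends when localhost has no HSTS entry."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=3)
    conn.request("GET", "/callback?code=CONSTRUCTED")  # constructed value
    status = conn.getresponse().status
    conn.close()
    return status

def callback_over_https(port):
    """What the browser sends after upgrading the same URL to https://."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # even with no cert checks, the handshake cannot finish
    try:
        with socket.create_connection(("127.0.0.1", port), timeout=3) as raw:
            with ctx.wrap_socket(raw, server_hostname="localhost"):
                return "tls-ok"
    except OSError as exc:  # ssl.SSLError and timeouts are OSError subclasses
        return f"failed: {type(exc).__name__}"

if __name__ == "__main__":
    server = start_listener()
    port = server.server_address[1]
    print("http :", callback_over_http(port), received)
    print("https:", callback_over_https(port), received)
    server.shutdown()
```

The listener records the HTTP callback but never sees a request from the HTTPS attempt, which matches the symptom of an authentication that simply never completes.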
Solution
To resolve this, you can remove localhost from the list of addresses that Microsoft Edge enforces HSTS on. As a result, the callback is successful and Fiddler Everywhere finishes authenticating.
Take the following steps:
- Open Microsoft Edge and enter edge://net-internals/#hsts in the address field. Edge will open a special net-internals configuration page.
- Locate the "Delete domain security policies" section.
- Enter localhost into the box, then click the Delete button.
- Start Fiddler Everywhere and use the Google authentication option again.
Here is a screenshot of the setting and what to do: