Resolving HSTS while using Google Auth with Microsoft Edge
|Fiddler Everywhere||1.0.0 and above|
|Microsoft Edge||all versions|
Fiddler Everywhere provides an option to use a unique Fiddler account or Google authentication. When using the Google authentication option when Microsoft Edge is set as the default OS browser, the callback may fail silently and Fiddler Everywhere never finishes authenticating the user.
This is due to a Microsoft Edge default setting that automatically redirects localhost HTTP traffic to HTTPS. This is known as HSTS and has a detrimental effect on the authentication flow of Fiddler Everywhere.
To resolve this, you can remove
localhost from the list of addresses that Microsoft Edge enforces HSTS on. As a result, the callback is successful and Fiddler Everywhere finishes authenticating.
Take the following steps:
- Open the Microsoft Edge and enter
edge://net-internals/#hstsin the address field. Edge will open a special net-internals configuration page.
- Locate the "Delete domain security policies" section.
localhostinto the box, then click the Delete button.
- Start Fiddler Everywhere and use the Google authentication option again.
Here is a screenshot of the setting and what to do: