HSTS: add note about localhost redirects

See [this issue](#451).
helmetjs · Feb 17, 2024 · 7674c63 · 7674c63
1 parent 2f2fee3
commit 7674c63
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -431,6 +431,8 @@ app.use(
 );
 ```
 
+You may wish to disable this header for local development, as it can make your browser force redirects from `http://localhost` to `https://localhost`, which may not be desirable if you develop multiple apps using `localhost`. See [this issue](https://github.com/helmetjs/helmet/issues/451) for more discussion.
+
 You can use this as standalone middleware with `app.use(helmet.strictTransportSecurity())`.
 
 </details>