fix: allow accessing http://127.0.0.1 from https page #506
Conversation
... since 127.0.0.1 is [potentially trustworthy](https://www.w3.org/TR/secure-contexts/#is-origin-trustworthy) and honored by most browsers (chromium & firefox)
cyjake
force-pushed
the
fix-secure-host-check
branch
from
e157b91
to
f6ec4aa
Compare
|
Can you describe the use case where you need to access |
|
@brycekahle when developing webapps locally, the app might need to be accessed with a custom domain (such as daily.example.com) to access cookies at example.com to make third party sso work. In our webapp specifically, we use webpack-dev-server in development mode to take advantage of live reload and hmr etc. The dev server is spun up on a different port. There are two ways to accomplish the problem I described above: a) make the dev server run in https/http2 mode as well The first approach isn't working well since Chrome doesn't allow ip address with self issued certificates nowadays. And even if it does, developers still need to add certificate exceptions twice (one of the host domain, one for the assets domain). The second approach (127.0.0.1) has no such issues since browsers regard it as potentially trustworthy according to the spec. |
|
Fixed in a57c910 |
... since 127.0.0.1 is potentially trustworthy and honored by most browsers (chromium & firefox)
fixes #486