Browsers these days either mark sites with a padlock
(https://) or “not secure” (
http://). This
warns the users that without the protection of ”
https://”
your communications could be read or modified by any network your
packets travel over. But how should ”
http://localhost”
be marked? That’s your own computer so it’s secure, but the
connection isn’t encrypted so a padlock would be misleading.
It turns out that the browsers have three options for the url bar, not
just secure and insecure. Here’s what they look like in Firefox:
Localhost Security Messaging
Link post
Browsers these days either mark sites with a padlock (
https://) or “not secure” (http://). This warns the users that without the protection of ”https://” your communications could be read or modified by any network your packets travel over. But how should ”http://localhost” be marked? That’s your own computer so it’s secure, but the connection isn’t encrypted so a padlock would be misleading.It turns out that the browsers have three options for the url bar, not just secure and insecure. Here’s what they look like in Firefox:
Chrome:
Safari:
Despite the unusual URL bar treatment, the major browsers do now all treat this configuration as a secure context (spec), which means you can use features that require secure contexts, like crypto, MIDI, or geolocation.
Comment via: facebook, mastodon