Developers generally expect `http://localhost` to have the same transport security characteristics as TLS, as it should resolve to a loopback address, and will therefore never hit the network. Chrome will ensure that this expectation is accurate by implementing https://tools.ietf.org/html/draft-west-let-localhost-be-localhost, and carves out `http://localhost` accordingly.

Specification

Editor's draft

Status in Chromium

Blink>SecurityFeature>SecureContexts


No active development (tracking bug)

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.

  • Positive
  • Shipped/Shipping
  • No signal
  • Strongly positive

Owner

Last updated on 2020-11-25