Treat `http://localhost` as a secure context
Developers generally expect `http://localhost` to have the same transport security characteristics as TLS, as it should resolve to a loopback address, and will therefore never hit the network. Chrome will ensure that this expectation is accurate by implementing https://tools.ietf.org/html/draft-west-let-localhost-be-localhost, and carves out `http://localhost` accordingly.
Status in Chromium
No active development (tracking bug)
Consensus & Standardization
- No signal
- Strongly positive
Last updated on 2020-10-25