Treat `http://localhost` as a secure context

Developers generally expect `http://localhost` to have the same transport security characteristics as TLS, as it should resolve to a loopback address, and will therefore never hit the network. Chrome will ensure that this expectation is accurate by implementing https://tools.ietf.org/html/draft-west-let-localhost-be-localhost, and carves out `http://localhost` accordingly.

Specification

Editor's draft

Status in Chromium

Blink>SecurityFeature>SecureContexts


No active development (tracking bug)

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.

  • Public support
  • Shipped
  • No public signals
  • Strongly positive

Owner

Last updated on 2018-03-28