Re: [secure-contexts] `*.localhost` + DNS

While we are talking about this (please ignore if it's too much of a tangent)...

As a developer that works on multiple websites, I have a wildcard DNS entry that points `` to (as an aside it resolves to for the browsers in a VM).

I would like this setup, where the DNS does resolve to, to be considered a secure origin, so I can easily develop websites without having to setup HTTPS on my local machine (I suspect I will need to anyway, but though I'd mention it).


> On 3 May 2016, at 11:22, Mike West <> wrote:
> In <>, Ryan and Emily have (again) reminded me that the resolution rules for `*.localhost` in <> are all MAY or SHOULD, and folks are SHOULDing their way out to the network in various configurations.
> Given this, it's not clear to me that we can ("should"?) treat `*.localhost` as a secure context. I think it might be a good idea to drop step 3 of <> accordingly.
> -mike

Received on Tuesday, 3 May 2016 11:43:26 UTC