Question about deprecating-powerful-features-on-insecure-origins document

[Peter Long]

Hi all,

I have done a rudimentary search of this forum regarding the document https://sites.google.com/a/chromium.org/dev/Home/chromium-security/deprecating-powerful-features-on-insecure-origins. Unfortunately I did not find an answer to my question. So sorry if I am asking about something that has already been answered.

For local development purposes I see the document says:

> http://localhost is treated as a secure origin

I think that is great. Did the security team consider treating any hostname that resolved to 127.0.0.1 as a secure context instead? Are there security concerns with doing that? I frequently use <somesubdomain>.lvh.me has hostnames for various sides all running off localhost. Any hostname *.lvh.me resolves to 127.0.0.1. I know there are other domain names that also resolve to 127.0.0.1 and that are used for a similar purpose.

Thanks,

Peter Long.

[PhistucK]

I do not have answer, but you do know how to make Chrome treat those as secure as well, right (--unsafely-treat-insecure-origin-as-secure)?

☆PhistucK

--
You received this message because you are subscribed to the Google Groups "Security-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to security-dev...@chromium.org.