Localhost Security Messaging

December 31st, 2022
Browsers these days either mark sites with a padlock (https://) or "not secure" (http://). This warns the users that without the protection of "https://" your communications could be read or modified by any network your packets travel over. But how should "http://localhost" be marked? That's your own computer so it's secure, but the connection isn't encrypted so a padlock would be misleading.

It turns out that the browsers have three options for the url bar, not just secure and insecure. Here's what they look like in Firefox:



Despite the unusual URL bar treatment, the major browsers do now all treat this configuration as a secure context (spec), which means you can use features that require secure contexts, like crypto, MIDI, or geolocation.

Comment via: facebook, lesswrong, mastodon

Recent posts on blogs I like:

What are the results of more parental supervision and less outdoor play?

Ups and downs for mental health and injury rates The post What are the results of more parental supervision and less outdoor play? appeared first on Otherwise.

via Otherwise November 24, 2023

My startup advice

I sat down for a conversation with Alex Long. He took notes and sent them to me, and it seemed worth lightly-editing the notes and posting. I’ve left it quite raw, more like a tweet thread than a proper blog post.

via Home October 23, 2023

A Big Problem With The Going To Bed Book

One day my dad was reading this book called the "Going to Bed Book" to my sister Nora. The book is basically about a bunch of animals who are getting ready for bed on a boat. They go down the stairs, take a bath, hang their towels on the wall, find…

via Lily Wise's Blog Posts September 18, 2023

more     (via openring)