Localhost Security Messaging

December 31st, 2022
tech
Browsers these days either mark sites with a padlock (https://) or "not secure" (http://). This warns the users that without the protection of "https://" your communications could be read or modified by any network your packets travel over. But how should "http://localhost" be marked? That's your own computer so it's secure, but the connection isn't encrypted so a padlock would be misleading.

It turns out that the browsers have three options for the url bar, not just secure and insecure. Here's what they look like in Firefox:

Chrome:

Safari:

Despite the unusual URL bar treatment, the major browsers do now all treat this configuration as a secure context (spec), which means you can use features that require secure contexts, like crypto, MIDI, or geolocation.

Comment via: facebook, lesswrong, mastodon

Recent posts on blogs I like:

Solution-Focused Brief Therapy

Look! A therapy technique people don't already know!

via Thing of Things May 14, 2025

Workshop House case study

Lauren Hoffman interviewed me about Workshop House and wrote this post about a community I’m working on building in DC.

via Home April 30, 2025

Impact, agency, and taste

understand + work backwards from the root goal • don’t rely too much on permission or encouragement • make success inevitable • find your angle • think real hard • reflect on your thinking

via benkuhn.net April 19, 2025

more     (via openring)