Localhost Security Messaging

December 31st, 2022
tech
Browsers these days either mark sites with a padlock (https://) or "not secure" (http://). This warns the users that without the protection of "https://" your communications could be read or modified by any network your packets travel over. But how should "http://localhost" be marked? That's your own computer so it's secure, but the connection isn't encrypted so a padlock would be misleading.

It turns out that the browsers have three options for the url bar, not just secure and insecure. Here's what they look like in Firefox:

Chrome:

Safari:

Despite the unusual URL bar treatment, the major browsers do now all treat this configuration as a secure context (spec), which means you can use features that require secure contexts, like crypto, MIDI, or geolocation.

Comment via: facebook, lesswrong, mastodon

Recent posts on blogs I like:

Steve Ballmer was an underrated CEO

There's a common narrative that Microsoft was moribund under Steve Ballmer and then later saved by the miraculous leadership of Satya Nadella. This is the dominant narrative in every online discussion about the topic I've seen and it's a commo…

via Posts on October 28, 2024

Weird People of History: Jenny from the Jane Abortion Collective

Direct action when abortion was illegal

via Thing of Things October 24, 2024

Inner dialogue, walking down the sidewalk

A discussion I have with myself a lot The post Inner dialogue, walking down the sidewalk appeared first on Otherwise.

via Otherwise October 10, 2024

more     (via openring)