top | item 36955455

(no title)

plorntus | 2 years ago

Certain browser features/apis are only available when in a secure context https://www.digicert.com/blog/https-only-features-in-browser... so I imagine this might be a reason you would want it.

That being said I don't know why you would pay for an application that does this but I guess I'm not the target market.

discuss

ceejayoz|2 years ago

Yep. A lot of OAuth integrations will refuse to work on HTTP, too. Some have a `localhost` exception to that restriction, but not all.

lostmsu|2 years ago

This long article helpfully forgets to mention, that localhost/loopback addresses are considered secure without https.

https://developer.mozilla.org/en-US/docs/Web/Security/Secure...

WorldMaker|2 years ago

Some features have still moved to TLS-only even for localhost. "Considered secure" is somewhat orthogonal to "requires TLS". You can only use HTTP/2 with TLS, for instance, whether or not you are in a "secure context".