jefftk

And for developers: https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Rel...

The biggest change from my perspective is "Firefox now ensures that localhost URLs — such as http://localhost/ and http://dev.localhost/ — refer to the local host's loopback interface (e.g. http://127.0.0.1). As a result, resources loaded from localhost are now assumed to have been delivered securely (see Secure contexts), and also will not be treated as mixed content (bug 1220810, bug 1488740)."

This is great for local development.

johnchristopher

Does it mean I can curl https://whatever.localhost without SSL warning for self signed certificates ?

That would simplify my life when developing stuff on localhost and importing them between different things over http(s).

edit: Kids, you see those articles that regularly hit the frontpage about work/life balance ? The ones about how you need healthy sleep patterns and crunching all night long is actually bad for you brain ? This comment is what happens when you read those but don't actually follow through with recommendations.

Sorry everyone ^^.

acoard

It means FireFox could visit https://whatever.localhost without SSL warnings for self-signed certs. It has no bearing on cURL. cURL is maintained by Daniel Stenberg (an open source legend), whereas FireFox is maintained by Mozilla. Completely separate. This is like asking if Tesla's new car policy will affect your Toyota.

aorth
I was curious about this because the release notes don't mention changing the behavior of HTTPS for localhost. I set up a local test and http://mytest.localhost works without having to add an entry to /etc/hosts, but https://mytest.localhost with a self-signed TLS certificate will still raise a SEC_ERROR_UNKNOWN_ISSUER error. You still need to ignore those or install your own root CA with something like https://github.com/FiloSottile/mkcert for that to work seamlessly.