About Secure Context for Development Environment

Certain browser features require secure contexts, such as HTTPS protocol to be used.

When developing locally, these URLs are considered also secure:

  • http://127.0.0.1
  • http://localhost
  • http://*.localhost
  • file://*

So if you want to have custom domains in your /etc/hosts file for projects developed locally, make sure to end them with .localhost and NOT something else like .local or .dev.

Here is a list of features requiring secure contexts:

  • Credential Management API
  • Web Authentication API (WebAuthn)
  • Clipboard API (write access)
  • Storage Access API
  • Geolocation API
  • MediaDevices API (getUserMedia)
  • Web Bluetooth API
  • Web USB API
  • Web Serial API
  • Web NFC API
  • Service Workers
  • Push Notifications API
  • Background Fetch API
  • Secure WebSockets (wss://)
  • Performance API (some navigation details)
  • Resource Timing API (detailed data)
  • Web Crypto API
  • Payment Request API
  • Persistent Storage API (navigator.storage.persist())
  • Private Network Access (PNA)
  • SharedArrayBuffer
  • COOP/COEP Headers (for cross-origin isolation)
  • Fullscreen API (some features)

Development Security JavaScript HTML5