Closed drzax closed 6 years ago
phocks
commented
6 years ago That sounds fine to me. So this will just serve over https locally? We might want to check @colingourlay's modifications to news-core that proxy to people's machines using "proxy_howlifehaschanged=ws204914" to make sure it points to https... also nucwed seems to redirect to http from https when I try it also. Is this mainly for "local" local development?
drzax
commented
6 years ago Yeah, I thought preview was going to https too, so all in all this might be a little premature, tbh.
drzax
commented
6 years ago Anyone else have thoughts on this (@colingourlay, @nathanhoad)? I didn't want merge it because invalid certificates are super annoying. But I just had to do this on a per-project basis again and I'd rather it be the default if possible.
This is one tip to reduce the annoyance, but it doesn't solve internal abc subdomains. chrome://flags/#allow-insecure-localhost
For the record I looked into doing something much more elaborate on this, generating persistent cert keys and providing instructions for trusting in your OS so you could avoid content warnings all together. In the end though it seems more sensible to leave that up to individuals to allow exceptions in-browser.
I'm happy to take further input though.