Setting allowInsecure: false should not be blindly blocking http://, it should not block requests to http://localhost and http://*.localhost because these are valid Secure Contexts.
This bug blocks users from using their own local gateway (ipfs desktop, kubo, rainbow).
Solution
Correctly recognize http://localhost[:port] and http://*.localhost[:port] as secure contexts.
[!IMPORTANT]
Only localhost label is marked as Secure Context, URLs with loopback 127.0.0.1 IPs are not.
Problem
Setting
allowInsecure: falseshould not be blindly blockinghttp://, it should not block requests tohttp://localhostandhttp://*.localhostbecause these are valid Secure Contexts.This bug blocks users from using their own local gateway (ipfs desktop, kubo, rainbow).
Solution
Correctly recognize
http://localhost[:port]andhttp://*.localhost[:port]as secure contexts.Ref.