Setting allowInsecure: false should not be blindly blocking http://, it should not block requests to http://localhost and http://*.localhost because these are valid Secure Contexts.
This bug blocks users from using their own local gateway (ipfs desktop, kubo, rainbow).
Solution
Correctly recognize http://localhost[:port] and http://*.localhost[:port] as secure contexts.
[!IMPORTANT]
Only localhost label is marked as Secure Context, URLs with loopback 127.0.0.1 IPs are not.
Problem
Setting
allowInsecure: false
should not be blindly blockinghttp://
, it should not block requests tohttp://localhost
andhttp://*.localhost
because these are valid Secure Contexts.This bug blocks users from using their own local gateway (ipfs desktop, kubo, rainbow).
Solution
Correctly recognize
http://localhost[:port]
andhttp://*.localhost[:port]
as secure contexts.Ref.