DEV Community

loading...

Discussion on: [discontinued] Run a green-badge local HTTPS server with zero configuration

Collapse
alshakero profile image
Omar Alshaker Author • Edited

This is absolutely horrible advice. You are literally saying 'it's ok to trust someone because they say they are trustworthy'. That is the worst security advice there is.

Where am I saying this?

I am afraid you totally misunderstood the point of this post. This has nothing to do with trust at all. It is not meant to be secure nor trusted.

It strictly works for localhost, and merely to satisfy Chrome while testing if your asset URLs are all https, all your cookies are secure etc.

This CANNOT be used in production, because as mentioned in the article, the domain points to 127.0.0.1. And even if I change the domain to another IP address, visiting it would be simply like visiting any URL on the vast web.

The link you cite has nothing to do with this post.