27Kas
Chrome allow insecure localhost
I have just stumbled upon what is a very helpful flag in chrome (for developers):
chrome://flags/#allow-insecure-localhost
The flag is described as:
Allow invalid certificates for resources loaded from localhost.
Allows requests to localhost over HTTPS even when an invalid certificate is presented. – Mac, Windows, Linux, Chrome OS, Android
Having always had to generate self signed certs for multiple services this is great, but it begs the questions - is this secure? Is this secure to leave on all the time?
If this is not secure what are the attacks possible?
