Hacker News new | past | comments | ask | show | jobs | submit login

No, because you'd have to distribute the private key for the local webserver to be able to sign the connection challenge.



But that's just a reason why it would be a bad idea, not a reason that they couldn't do it or that it wouldn't work.

I would think that they could distribute the cert (and the key) and have it work. [Edit] Unless browsers detect that it's a local IP address behind the domain name and still consider it a special case of origin.


Plex solved this problem is pretty much the way you describe.

https://blog.filippo.io/how-plex-is-doing-https-for-all-its-...


it's not the nicest solution, but I don't see the problem with a public certificate and public private key (yeah not the most elegant wording) that is literally issued to `localhost` or `127.0.0.1` (not localhost.zoom.us because that still goes through DNS once and could be hijacked)




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: