Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
Yes, get your local environment as close to production as possible, helps you catch stupid https bugs. Also, you won't need differing dev/prod config other than the certs
-
C0D4669024yFor local, no, but i stand by the fact Dev/local and prod should be as close of a replica as possible.
For staging / prod, yes. -
localhost could be pointing to a remote server (e.g. if looked up over DNS with a man in the middle).
While absolutely unlikely and nearly irrelevant (as localhost is in your hosts file), but this scenario is listed as a vulnerability for the original SSH (not OpenSSH): https://kb.cert.org/vuls/id/... -
The fun thing is: You should do migration testing in a localhost environment.
My workstation has - thanks to Gentoo and bleeding edge - more than once catched a fuckity before it was _too late_.
And especially in cryptography it can - eg regarding ciphers - be a decisive factor to realize at an early stage that you'll need to get the weed whacker...
You deploy in localhost, you'll fire up the engines and suddenly all phasers gone to fail - the HTTP library is so old that it rejects the newer ciphers...
Or a certain library has under certain conditions done the wrong thing...
And after OpenSSL upgrade suddenly the library presents you the big middle finger and justs terminates.
Cryptography libraries and their implementation can be very fuckity. And when you need to replace cert chains it's usually a nightmare.
Not because it's hard, but because an oversight can lead to full blackout. :/ -
ThorE594yAlso necessary if you work with Web Workers, you can't deploy them without having HTTPS enabled
-
Inxentas7894yIs there a quick and easy way to get one on your local machine (apache)? With web hosts you send a mail and it's done, but all I seem to find about getting a fake one locally involves many steps I don't understand. Fucked up my WAMP twice now.
-
hjk10156964yFor things like oauth/openid connect you need it. For preventing mixed protol and for detecting problems (like mixed protol). As @alexbrooklyn says keep it as close to prod as possible.
Related Rants
What is the use of https in local host? Do I really need to enforce it in local server even tho I'll add ssl cert after it gets deployed anyway! For example an express server in localhost .Does it need ssl in local server?
rant
question
development