2

In the last week or so (approximately same timeframe as Firefox 75 release), local development of my example application (Rabbit) that uses auth0-spa-js has started failing in Firefox with the below error:

auth0-spa-js must run on a secure origin.
  See https://github.com/auth0/auth0-spa-js/blob/master/FAQ.md#why-do-i-get-auth0-spa-js-must-run-on-a-secure-origin 
  for more information.

Because of some problem I can't quite remember the details of, I've been using rabbit.localhost (with an entry in my hosts to resolve that host to 127.0.0.1) for my local development.

It seems that Firefox trusts "localhost" as a "secure origin", but not "*.localhost" type addresses. The ".localhost" address seems to work fine in Chrome.

The question: Is there a way to get Firefox to accept a specific "xxx.localhost" as a secure origin?

For the moment, my workaround is to go back to using Chrome for local development.

Shorn
  • 19,077
  • 15
  • 90
  • 168
  • I found two related questions : https://stackoverflow.com/q/57146558 and https://stackoverflow.com/q/61867895, but there doesn’t seem to be an easy solution at the moment. The second question has a link to an open [bug](https://bugzilla.mozilla.org/show_bug.cgi?id=1220810) in Firefox about this – user1738984 Oct 13 '20 at 14:23

1 Answers1

0

This is now fixed in version 84: https://news.ycombinator.com/item?id=25431563

Shorn
  • 19,077
  • 15
  • 90
  • 168