I have just stumbled upon what is a very helpful flag in chrome (for developers):

chrome://flags/#allow-insecure-localhost

Having always had to generate self signed certs for multiple services this is great, but it begs the questions - is this secure? Is this secure to leave on all the time?

If this is not secure what are the attacks possible?

I have just stumbled upon what is a very helpful flag in chrome (for developers):

chrome://flags/#allow-insecure-localhost

The flag is described as:

Allow invalid certificates for resources loaded from localhost.
Allows requests to localhost over HTTPS even when an invalid certificate is presented. – Mac, Windows, Linux, Chrome OS, Android

Having always had to generate self signed certs for multiple services this is great, but it begs the questions - is this secure? Is this secure to leave on all the time?

If this is not secure what are the attacks possible?