[Webkit-unassigned] [Bug 284559] New: Safari 18.2 non-secure site connections warning blocks localhost

Thu Dec 12 08:42:22 PST 2024

https://bugs.webkit.org/show_bug.cgi?id=284559

            Bug ID: 284559
           Summary: Safari 18.2 non-secure site connections warning blocks
                    localhost
           Product: WebKit
           Version: Safari 18
          Hardware: Mac (Apple Silicon)
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: New Bugs
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: opendarwin at lapcatsoftware.com

Created attachment 473554

  --> https://bugs.webkit.org/attachment.cgi?id=473554&action=review

Sample html to reproduce the bug

Steps to reproduce:
1) Open Safari 18.2
2) In Safari Security Settings, enable "Warn before connecting to a website over HTTP"
3) Download the attached index.html file
4) In Terminal, cd ~/Downloads; /usr/bin/python3 -m http.server
5) In Terminal, open -a Safari 'http://localhost:8000'

Expected results: "This Connection Is Not Secure" warning, with options to Continue or Go Back

Actual results: Safari can't open the page "http://localhost:8000/". The error is: "Navigation failed because the request was for an HTTP URL with HTTPS-Only enabled" (WebKitErrorDomain:305)

Notes: This is the new Safari 18.2 feature described at https://webkit.org/blog/16301/webkit-features-in-safari-18-2/#security-and-privacy

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20241212/3bc270b9/attachment.htm>