Post · bonfire.cafe

@teleclimber@social.tchncs.de · 3 days ago

Google is going to make HTTPS required by default in Chrome in a year.

In the post there is quite a bit of talk about the problem of obtaining a cert for local network names. Hopefully their push to make everything-HTTPS will include local network addresses too. We really badly need it.

They kind of seem to say they will, but it's all talk until shown otherwise: "In the future, we hope to work to further reduce barriers to adoption of HTTPS, especially for local network sites."

https://security.googleblog.com/2025/10/https-by-default.html

#chrome #security #selfhosting

Google Online Security Blog

HTTPS by default

One year from now, with the release of Chrome 154 in October 2026, we will change the default settings of Chrome to enable “Always Use Secu...

Andres

@Andres4NY@social.ridetrans.it replied · 3 days ago

@teleclimber "Don't warn (by default) for non-public IPs" seems like an obvious thing that should be implemented. Note that this doesn't mean names that resolve to non-public IPs (eg, foo.com points to 192.168.0.1 by a malicious actor on the local lan). But for people going directly to https://192.168.0.1, there obviously shouldn't be a certificate warning!

bonfire.cafe

A space for Bonfire maintainers and contributors to communicate

bonfire.cafe: About · Code of conduct · Privacy · Users · Instances

Bonfire social · 1.0.0-rc.3.21 no JS en

Automatic federation enabled