[mcny]

> I'm pretty sure I'm misunderstanding the value-add of having TLS for localhost connections...

It often feels like the noose is tightening tbh. There are things that contemporary "evergreen" web browsers just flat out refuse to do without https.

I think this is where they document this... https://www.chromium.org/Home/chromium-security/prefer-secur...

which I got from this stack overflow answer https://stackoverflow.com/a/34161385

[capableweb]

Yes, which makes sense I guess, but localhost et al are already considered "secure origins" by that, so the features should be available regardless if you're doing TLS or not, if you're loading the document/page/application from localhost.