[stock_toaster]

I've run into resolvers that filter things like that to prevent dns rebinding attacks. And localhost (the hostname) does not work for CORS.

Best option is probably to set dev.our-root-domain.com in /etc/hosts

[1]: https://en.wikipedia.org/wiki/DNS_rebinding

[whalesalad]

Haven't had an issue yet, with a team scattered across US, Canada and UK. I'm sure it's possible - but so far we've been using this for about 3 years with no hiccups.

[stock_toaster]

Definitely more common on corporate networks.

I guess most home users (remote employees) are probably either using their ISP's resolvers, or browser DoH (Dns-Over-HTTPS).