Google Chrome 88 Enterprise “chrome://flags/#allow-insecure-localhost” issue to be fixed in Chrome 89, but there’s a workaround
Certain times, a situation may arise where devs wish to communicate with localhost using HTTPS to perhaps run a local web server for web development or some other service that offers a web interface.
The best way to do so is by generating a self-signed certificate. Subsequently, a web server can be set up and the created certificate can be imported manually.
This is a pretty tedious process though which has led many to rely on the ‘allow-insecure-localhost’ flag that can be easily enabled on Chrome.
When this is turned on, requests to localhost are allowed over secure HTTPS even when invalid certificates are presented. One can say that the flag is used by developers for nothing more than the convenience it offers.
For the uninitiated, the flag can be accessed by simply inputting ‘chrome://flags/#allow-insecure-localhost’ into Chrome’s address bar. Or it could be at least until the latest version of Chrome Enterprise showed up.
This is because the flag has seemingly been done away with on Google Chrome 88 Enterprise. And going by several complaints, it has proven to be a dealbreaker for many.
Last week I could navigate to edge://flags/#allow-insecure-localhost and I could edit the flag so that my localhost could serve invalid SSL certificates. Today after the latest Edge update (Version 88.0.705.50) I can no longer find this flag. Has it moved to another secret area? How can I allow insecure localhost SSL certs again for my application?
Of course, a flag removal on Chrome will also eventually affect other browsers like Opera and Edge as well since they’re all just branches of the Chromium base. This is pretty clear from the quotation above.
Nonetheless, if you are one of the users facing this issue, then you will be pleased to know that the removal is temporary and the flag will be added back with Google Chrome version 89.
This seems to be an issue with Edge 88.0.705.50. In higher version, Edge 89.0.767.0, the flag comes back again.
Therefore, you might want to jump over to the beta branch of your browser. That, however, isn’t really necessary as there is indeed another way to enable the allow-insecure-localhost flag on Chrome.
The steps for this have been given below:
1. Launch ‘chrome://flags/#temporary-unexpire-flags-m87’ from address bar
2. Set to Enabled
3. Restart Chrome
4. Launch ‘chrome://flags/#allow-insecure-localhost’
5. It will be visible now, so simply enable it
6. Restart Chrome again
In case you are wondering what purpose the ‘temporary-unexpire-flags-m87’ flag serves, it helps to ‘unexpire’ flags that have been hidden and are set for a permanent deletion with a future Chrome update.
PiunikaWeb started purely as an investigative tech journalism website with a main focus on ‘breaking’ or ‘exclusive’ news. In no time, our stories got picked up by the likes of Forbes, Fox News, Gizmodo, TechCrunch, Engadget, The Verge, MacRumors, and many others. Want to know more about us? Head here.