Self-signed SSL certs not valid on MacOS 10.15.4 if localhost is used (Catalina)

[marcusschiesser]

• Operating System: MacOS 10.15.4 (Catalina)
• Node Version: v10.17.0
• NPM Version: 6.11.3
• webpack Version: 4.36.1
• webpack-dev-server Version: 3.10.3
• Browser: Safari 13.1

• This is a bug
• This is a modification request

Code

...
module.exports = merge(common, {
    mode: 'development',
    devServer: {
        port: 8000,
        https: true,
        http2: false,
        hot: true,
        compress: false,
        watchContentBase: true,
        contentBase: path.join(__dirname, 'public'),
...

Expected Behavior

The autogenerated SSL certificate should be accepted by Safari if URL is requested via localhost (https://localhost:8000)

Actual Behavior

If requested via https://localhost:8000, the certificate is not accepted, only if requested via https://127.0.0.1:8000

For Bugs; How can we reproduce the behavior?

Start up webpack-dev-server with SSL enabled on a MacOS 10.15.4 system; attempt to hit the server in Safari 13.1 using https://localhost:8000
Related to #2273.

For Features; What is the motivation and/or use-case for the feature?

[alexander-akait]

On Safari 13 self-signed SSL certs works?

[marcusschiesser]

yes, but for me it was only working accessing https://127.0.0.1:8000 not https://localhost:8000

[alexander-akait]

@marcusschiesser maybe you have a firewall or something same?

[marcusschiesser]

@evilebottnawi only standard firewall from macOS, this one:

and lookup of localhost is working:

~ » nslookup localhost                               
Server:		2401:e180:8844:ce38::2a
Address:	2401:e180:8844:ce38::2a#53

Name:	localhost
Address: 127.0.0.1

[marcusschiesser]

Update:
With firewall turned off, the same behavior.

[alexander-akait]

Close in favor #2957, maybe safari has the same chrome://flags/#allow-insecure-localhost, it is default behavior for browsers now 😞