In the last week or so (approximately same timeframe as Firefox 75 release), local development of my example application (Rabbit) that uses auth0-spa-js has started failing in Firefox with the below error:
auth0-spa-js must run on a secure origin.
See https://github.com/auth0/auth0-spa-js/blob/master/FAQ.md#why-do-i-get-auth0-spa-js-must-run-on-a-secure-origin
for more information.
Because of some problem I can't quite remember the details of, I've been using rabbit.localhost (with an entry in my hosts to resolve that host to 127.0.0.1) for my local development.
It seems that Firefox trusts "localhost" as a "secure origin", but not "*.localhost" type addresses. The ".localhost" address seems to work fine in Chrome.
The question: Is there a way to get Firefox to accept a specific "xxx.localhost" as a secure origin?
For the moment, my workaround is to go back to using Chrome for local development.
This is now fixed in version 84: https://news.ycombinator.com/item?id=25431563