I'm developing a PWA using Vite and want to be able to test the built app locally. All major browsers block HTTP in favour of HTTPS due to the security issues, but Chrome (at least) has an exception to this for localhost in order to allow testing web apps locally.
This would be great, except we use cookie domains to sync logins across multiple subdomains, so I need the domain to be in the form of appName.local.company.com, which is then referenced in my hosts file. Doing this completely removes the benefits of localhost, thus removing the ability to install the app.
Is there a way of whitelisting certain sites, or simply allowing the ability for HTTP to be used? I don't make a habit of installing PWAs ever, and since I'm only hosting this one locally I can't see any security issues with it.
You can use the unsafely-treat-insecure-origin-as-secure flag.
Add the origin which you want to allowlist to the list (make sure the flag is enabled) and relaunch Chrome.
You can test that it worked by checking window.isSecureContext