Security warning on localhost when multiple URLs present for single login

mkwerle
mkwerle
Community Member
in Mac

When working on web applications, I often launch the exact same app in ways that are seen insecurely on localhost (and 127/8), but securely through pseudo domains that resolve to my current IP. To support this, I create a single login with various URLs.

When I only have one URL for localhost, there is no security warning on using HTTP instead of HTTPS, but when using multiple, I get a security warning every time.

Comments

  • khad
    khad
    1Password Alumni

    Hi @mkwerle,

    Thanks for taking the time to contact us about this.

    What you are seeing is expected behavior. If the site has no secure login page (HTTPS), then we don't pester you with that warning every single time you try to log in to the site. There is nothing you can do about it anyway, so it would just be a hassle. The only way for 1Password to determine this is based on the URLs stored in the Login item. So if there is no HTTPS URL in the Login item, we can only surmise that the site simply doesn't have a secure login page.

    If there is even one secure login page (HTTPS URL) saved in the Login item, then we know that a secure Login page does exist, so we show you the warning if you are on an insecure (HTTP) page.

    I hope that makes sense. Please let me know if you have any other questions or concerns. We're always happy to help!

This discussion has been closed.