@moonstar_x @mikegreen @kaldune02 @bs1
The team has provided additional information regarding local development and a change to go along with the June 10 update to fix the situation described below.
localhost and anything in the 127.0.0.0/8 IP range is an acceptable value for parent (e.g. parent=localhost or parent=127.0.0.1). As it stands at the moment though, since the player is served over HTTPS, so does your local development for successful CSP URL matching according to the spec (added the link for reference only if you’re curious). In other words, if you specify parent=localhost, your local development needs to be served on https://localhost:443 or if you specify parent=127.0.0.1, your local development needs to be served on https://127.0.0.1:443. Note that the CSP does not require the HTTPS connection to actually have a valid certificate.
All of that said and recognizing that this is not ideal for local development, the team is going to implement a change next week that makes an exception for local development. With that change, localhost and the 127.0.0.0/8 IP range will be able to accept HTTP and any port (though the port should not be specified in the parent value as ports are not valid in the expression). In other words, with that change, you will not need to have HTTPS set up for local development.
Hopefully this helps explain the current situation and how it’ll be addressed next week.