That means your local development machine needs to;
- Be able to serve HTTPs
- Have self-signed certificates in place to handle that
- You'll have to click through the annoying unsecure site window every time
Such fun.
Part of HSTS is the requirement that certificate warnings become unskippable. So the above wouldn't work - you'll need an actual CA-signed certificate that is accepted by the browser, otherwise, you won't be able to access the site.
That means your local development machine needs to;
- Be able to serve HTTPs
- Have self-signed certificates in place to handle that
- You'll have to click through the annoying unsecure site window every time
Such fun.
Part of HSTS is the requirement that certificate warnings become unskippable. So the above wouldn't work - you'll need an actual CA-signed certificate that is accepted by the browser, otherwise, you won't be able to access the site.