add ".local" to checks in isSecureEnvironment

[logikaljay]

Feature request

I would like to add ".local" to the list of hosts checked in src/lib/cookies.js

Is your feature request related to a problem? Please describe.

The problem I am facing is when developing a multi-tenanted application in my local environment, I define the tenant in my hosts file as tenant-name.application.local.
The isSecureEnvironment method in src/lib/cookies.js checks the host header to include 127.0.0.1 and localhost which returns false, causing the cookie to be set as Secure:

Describe the solution you'd like

I would like to add ".local" to the list of hosts checked in src/lib/cookies.js

Describe alternatives you've considered

Changing my hosts file to use tenant-name.application.localhost, however when accessing the application from other machines on the network it might be confusing, calling a remote host that ends with .localhost.

I believe the .local tld is fairly commonly used to resolve a machine on your local network.

Additional context

Adding ".local" to the array might return some false positives due to the way the values are checked.
EG: [".local", ...].includes(host) would return true for the fictional vhost: app.localbusiness.com.

Maybe it would be better suited to change the check from:

  if (['localhost', '127.0.0.1'].indexOf(host) > -1) {
    return false
  }

To:

  if (['localhost', '127.0.0.1'].indexOf(host) > -1 || host.endsWith('.local')) {
    return false
  }

Would be better suited.

[github-actions]

🎉 This issue has been resolved in version 1.13.3 🎉

The release is available on:

• npm package (@latest dist-tag)
• GitHub release

Your semantic-release bot 📦🚀