My domain is: bcs.visualware.com
I read this article and it gives me hope that someone here will know how to resolve this.
Our use case is:
Our browser-based solution uses web sockets to communicate with a utility running on the client's computer. We control both ends of the communication. We use the domain above, which resolves to 127.0.0.1 to open a secure web socket to our utility.
In almost all scenarios this works.
However, more frequently we are seeing issues with DNS rebinding protection that blocks DNS lookups that resolve to local IPs.
Our current certificate authority won't issue a certificate for localhost, only for a specific private IP address. This doesn't help us as we need to know the IP in advance to initiate the connection and every client will be different.
We also can't connect using wss://127.0.0.1 due to lack of certificate and we can't use ws://127.0.0.1 because most sites are hosted over HTTPS.
My question is, how do we set this up in a way that remains secure but does not trigger DNS rebinding protection?
There IS a workaround that involves updating DNS servers on the client to something like 8.8.8.8. However, this increases friction at the client end and could easily disappear as a solution at any point.
Guidance welcome.